CLASS DISCUSSION: Information Systems Security and Assurance
1. What phase of designing an IT system should security be addressed? What security technologies should be built into a system?
2. Do you think SIEM tools should be mandatory for IT systems rated moderate or above?
3. On page 105, in your own words, explain how you would use the Risk Calculation: “Credible Attack Vector *Impact=Risk Rating.”
4. Explain the flow of ATASM (page 133) in detail and provide examples.
5. Compare and contrast the different architectural layers: Presentation, Application, and Data
6. Explain the importance of enterprise component flows and provide of examples of when these types of diagrams would be utilized.
7. Explain the architecture for mobile security. Provide a detailed example.
8. Explain the different cloud services and provide examples when each would be utilized.
REQUIRED READING
Title: Securing Systems Applied Security Architecture and Threat Models
Author: Brook S.E. Schoenfield
Edition/Copyright: 1st, 2015
ISBN: 9781482233971
https://books.google.com/books/about/Securing_Systems.html?id=Ud0_CQAAQBAJ&printsec=frontcover&source=kp_read_button#v=onepage&q&f=false
https://iase.disa.mil/stigs/Pages/index.aspx
https://csrc.nist.gov/publications/sp
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-18r1.pdf