Instructions
Assignment #6:
Write a 1 to 2 page essay paper that discusses the topic below.
Your paper should be in APA format with viable sources to
solidify your thoughts presented. Your references must not be
more than 5 years old and no more than one entity source and
no more than one N.D source. Wikipedia is not considered a
valid source. All references listed on the reference page must
have a valid in text citation in the body of the paper. This essay
must be consistent with graduate level work. You are strongly
encouraged to view the tips in the writing center to ensure your
papers are properly formatted.
Topic: Provide a basic discussion outlining the critical elements
of Computer Software Security.
Elements of a Security System Design
Asset Protection and Threat Identification
One of the key elements to consider when designing a security
system is to identify the assets that need to be protected and the
threats that could potentially compromise those assets. Jacobs
(2016) illustrates that once the assets and threats have been
identified, it is important to select the appropriate security
controls to mitigate the identified risks. The security controls
should be designed in a way that they work together to create a
comprehensive security solution. For example, if the asset is a
computer system, the security controls could include physical
security measures to prevent unauthorized access to the system,
as well as logical security measures such as password protection
and data encryption. If the threat is a malicious software attack,
the security controls could include installing and updating anti-
virus software and creating firewalls to block unauthorized
access to the system.
The Cost of Security Measures
It is also important to consider the costs of the security
measures when designing a security system. The security
measures should be proportional to the value of the assets they
are protecting. In other words, the costs of the security
measures should not outweigh the benefits they provide. When
designing a security system, it is important to strike a balance
between security and cost (Jacobs, 2016). Therefore, a security
system should be designed in a way that it is effective at
mitigating the risks while also being cost-effective.
A Flexible and Adaptable Security System
The security system should also be designed to be flexible and
adaptable to changing needs. In order to make sure that the
security measures are still effective in reducing the threats
identified, they should be constantly assessed and modified as
necessary (Jacobs, 2016). The security system should also be
tested periodically to ensure that it is functioning as intended.
When changes are made to the system, it is important to retest
the system to ensure that the changes do not introduce new
security vulnerabilities. An example of this is when a new
security measure is introduced, such as data encryption. The
system should be tested to ensure that the data is still accessible
to authorized users and that unauthorized users are unable to
access the data.
References
Jacobs, S. (2016). Engineering information security: The application of systems engineering concepts to achieve information assurance (2nd ed.). Wiley-IEEE Press. https://books.google.com/books?hl=en&lr=&id=dfxoPL11PwYC&oi=fnd&pg=PR23&dq=Engineering+Information+Security:+The+Application+of+Systems+Engineering+Concepts+to+Achieve+Information+Assurance,+2nd+Edition&ots=qigkPEZVWJ&sig=bSRDEAGNGmu2Iq37APm8i_m59IA
Week 2 Proposal
Information Assurance
Information Assurance (IA) is the practice of protecting
information and information systems from unauthorized access
or use. In the context of the above scenario, HME would need to
put in place measures to protect its data assets from
unauthorized access or use. This could include, for example,
implementing access control measures to restrict access to data
to authorized personnel only, and encrypting data to prevent
unauthorized individuals from being able to read it (Yan et al.,
2022). It is important to note that IA is not just about protecting
data from external threats, but also from internal ones. For
example, HME would need to ensure that its employees are
aware of and adhere to data security policies and procedures,
and that data is backed up in case of accidental loss or
destruction.
Strategy for IA Implementation
There are a few frameworks that could be used for IA
implementation, such as the NIST Cybersecurity Framework or
the ISO 27001 standard. The choice of framework will depend
on several factors, such as the specific needs of the organization
and the resources available (Shopina et al., 2020). In general,
the IA implementation process will involve conducting a risk
assessment to identify vulnerabilities and threats and putting in
place controls to mitigate these risks. These controls could
include, for example, access control measures, data encryption,
and employee training.
Risk Mitigation Strategy
The first step in mitigating risks is to identify them. In the
context of the above scenario, HME would need to identify the
risks associated with its data assets, such as unauthorized access
or use, data breaches, and data loss. Once risks have been
identified, controls can be put in place to mitigate them. As
mentioned above, these controls could include access control
measures, data encryption, and employee training. For example,
HME would need to have an incident response plan in place in
case of a data breach. This plan would outline the steps to be
taken in such an event, such as notifying affected individuals
and authorities, and conducting a forensic investigation.
Accrediting Body
There are several accrediting bodies that could be used to
ensure that IA is embedded into organizational culture, such as
the International Organization for Standardization (ISO) or the
National Cyber Security Centre (NCSC). The choice of
accrediting body will depend on several factors, such as the
specific needs of the organization and the resources available.
Response and Disaster Recovery Plan
In the event of an intrusion or disaster, it is imperative for the
company to ensure that a plan is in place on how to deal with
the intrusion or disaster. This plan should outline the steps to be
taken in such an event, such as notifying affected individuals
and authorities, and conducting a forensic investigation. It is
also important to have a disaster recovery plan in place in case
of data loss. This plan would outline the steps to be taken in
such an event, such as restoring data from backups, and would
be tested on a regular basis to ensure that it is effective.
References
Shopina, I., Khomiakov, D., Khrystynchenko, N., Zhukov, S., & Shpenov, D. (2020). Cybersecurity: Legal and organizational support in leading countries, NATO and EU standards. Journal of Security & Sustainability Issues, 9(3). https://jssidoi.org/jssi/papers/journals/pdownload/36#page=249
Yan, A., Hu, Y., Cui, J., Chen, Z., Huang, Z., Ni, T., ... & Wen, X. (2020). Information assurance through redundant design: A novel TNU error-resilient latch for harsh radiation environment. IEEE Transactions on Computers, 69(6), 789-799. https://ieeexplore.ieee.org/abstract/document/8960475/