member is a security software architect in a cloud service provider company, assigned to a project to provide the client with data integrity and confidentiality protections for data in transit that will be using applications in the cloud. Your client is an HR company that is moving HR applications and HR data into a community cloud, sharing tenancy with other clients. Your company has set up a software as a service, SAS, offering for its client base.
The data that the HR company will be pushing to and from the cloud will contain sensitive employee information, such as personally identifiable information, PII. You will have to address sensitive data and transit issues of the client data using the HR applications stored in the cloud, and provide a life cycle management report that includes solutions to the cloud computing architect of your company.
Software Development Life Cycle
Technology development and implementation usually follow a software development life cycle (SDLC) methodology. This approach ensures accuracy of information for analysis and decision making, as well as appropriate resources for effective technology management.
You and your team members will use components of the SDLC methodology to develop a
life cycle management report
for the cloud computing architect of a company. This is a group exercise, representing the kind of collaboration often required in the cybersecurity technology community.
There are 11 steps to lead you through this project. Similar steps are typically used in organizational SDLC projects. Most steps should take no more than two hours to complete, and the entire project should take no more than three weeks to complete. Begin with the workplace scenario, and then continue with Step 1: “Initiating the Project.”
Life Cycle Management Report:
A 10- to 15-page double-spaced Word document on data protection techniques for a cloud-based service with citations in APA format. The page count does not include figures or tables. There is no penalty for using additional pages if you need them. Include a minimum of six references. Include a reference list with the report.
As the cloud security architect, you must understand the security development life cycle process. Review the following resources to learn about the security development life cycle process:
security development life cycle
software development methodologies
Click the following links to learn more about critical infrastructure sectors:
Critical Infrastructure Sectors
. Read their descriptions and consider which sector you support in your role.
Process Control Systems: Cybersecurity and Defense
To be completed by a designated team member:
You will begin your Life Cycle Management Report now.
Choose a fictional or actual organization. Describe the mission of the organization and the business need to move to a cloud environment.
Identify the scope of the security architecture and include a topology. To narrow your scope, focus on is.
member is a security software architect in a cloud service provider .docx
1. member is a security software architect in a cloud service
provider company, assigned to a project to provide the client
with data integrity and confidentiality protections for data in
transit that will be using applications in the cloud. Your client
is an HR company that is moving HR applications and HR data
into a community cloud, sharing tenancy with other clients.
Your company has set up a software as a service, SAS, offering
for its client base.
The data that the HR company will be pushing to and from the
cloud will contain sensitive employee information, such as
personally identifiable information, PII. You will have to
address sensitive data and transit issues of the client data using
the HR applications stored in the cloud, and provide a life cycle
management report that includes solutions to the cloud
computing architect of your company.
Software Development Life Cycle
Technology development and implementation usually follow a
software development life cycle (SDLC) methodology. This
approach ensures accuracy of information for analysis and
decision making, as well as appropriate resources for effective
technology management.
You and your team members will use components of the SDLC
methodology to develop a
life cycle management report
for the cloud computing architect of a company. This is a group
exercise, representing the kind of collaboration often required
in the cybersecurity technology community.
There are 11 steps to lead you through this project. Similar
steps are typically used in organizational SDLC projects. Most
steps should take no more than two hours to complete, and the
2. entire project should take no more than three weeks to
complete. Begin with the workplace scenario, and then continue
with Step 1: “Initiating the Project.”
Life Cycle Management Report:
A 10- to 15-page double-spaced Word document on data
protection techniques for a cloud-based service with citations in
APA format. The page count does not include figures or tables.
There is no penalty for using additional pages if you need them.
Include a minimum of six references. Include a reference list
with the report.
As the cloud security architect, you must understand the
security development life cycle process. Review the following
resources to learn about the security development life cycle
process:
security development life cycle
software development methodologies
Click the following links to learn more about critical
infrastructure sectors:
Critical Infrastructure Sectors
. Read their descriptions and consider which sector you support
in your role.
Process Control Systems: Cybersecurity and Defense
To be completed by a designated team member:
3. You will begin your Life Cycle Management Report now.
Choose a fictional or actual organization. Describe the mission
of the organization and the business need to move to a cloud
environment.
Identify the scope of the security architecture and include a
topology. To narrow your scope, focus on issues that
application security engineers can control. Avoid discussing
resilience and business continuity issues, physical security
issues, traditional best practices for software development, or
underlying infrastructure security. Examples of topology
include Amazon Web Services, Generic Hadoop, Map-r,
Cloudera, or Microsoft Azure.
In your report, you will combine security development life
cycle and software development life cycle methodologies. When
you are considering the software development life cycle
approach, consider what model you are following. SDLC
examples include Waterfall, Spiral, Agile, and Extreme
Programming.
Address confidentiality, integrity, and availability requirements
for data at rest and data in transit.
Think like an attacker exploiting software vulnerabilities and
the likelihood of those vulnerabilities being exploited.
Think about data in use in the memory of the processing
systems. Where in the system are the data most vulnerable?
Describe the concepts and products you chose and explain why
4. these were chosen.
Include in your descriptions possible software and hardware
components as well as an operating system and the security
protections needed for those components.
Include a discussion of interoperability among the solutions you
choose.
Provide your rationale for your strat nctional Analysis and
Design—Use SQUARE for Requirements Information Gathering
In the previous step, the team initiated the project. In this step,
team members will focus on the functional design of the project.
To be completed by a designated team member:
Click the following link to learn more about
software quality requirements engineering (SQUARE)
. Then, identify the SQUARE process and provide an overview
of how to collect requirements for the security technology
and/or techniques that are being proposed.
This information will be added to the group report.
Step 4: Provide Analysis and Planning for Evaluating
Technologies
Once the team members have understood various ways to secure
data in the cloud, the team will analyze and develop a plan to
use technologies and/or techniques to meet the functional
requirements developed earlier for protecting client data
protection in transit.
To prepare, click the following links and learn more about
5. virtualization and cloud computing:
Server Virtualization
Benefits and Features of Cloud Computing
Mobile Cloud Computing
To be completed by a designated team member:
Compare different technologies and techniques, including
encryption,
access control
, and other techniques. Consider their efficiency, effectiveness,
and other factors that may affect the security of the data in the
cloud. Include your reasoning and conclusions in your
evaluation. Conclude which is generally a better, stronger
technique and why.
You will include this summary in your report.
Step 5: Create System Design Specifications
In the last step, the team completed an analysis of technologies
and techniques. In this step, the team will provide system
design specifications for a data-in-transit protection model.
To be completed by a designated team member:
Conduct independent research on system design specifications
and propose a set of design specifications that meet the design
requirements.
You will include these system design specifications in your
6. report.
For the next step, the team will explain the software
development plan.
Step 6: Explain the Software Development Plan
Now that the team has identified system specifications, provide
an explanation of the software development need and the plan
for software development, if any.
To be completed by a designated team member:
Identify different design and development considerations for the
system.
Include this explanation in the final report.
In the next step, the team will outline plans for testing and
integration.
Step 7: Provide a Plan for Testing and Integration
In the previous step, the team explained the software
development plan. In this step, the team will develop a plan for
testing and integration.
To be completed by a designated team member:
Include test plans for the various devices that will be used to
access the system. The following should be included in the plan:
Include testing for software functions as well as compatibility
with other software that may exist on those devices.
7. Include cloud data transactions as well as data transactions
outside the cloud.
Provide research and justification for applying data
confidentiality and data integrity protections.
Consider examples of technologies and/or techniques that can
be used to protect the data in transit.
Provide the expected results from implementing these
technologies and/or techniques.
Include the plan in the final report.
In the next step, the team will discuss how to adapt and deploy
the technology appropriate for software as a service (SaaS) in
the cloud.
Step 8: Adapt and Deploy Software as a Service
Once the team has successfully developed a testing and
integration plan, it is time to adapt and deploy software as a
service (SaaS) in the cloud model.
To be completed by a designated team member:
Provide a description of the SaaS adaptation and deployment
strategy in the final report. Include a deployment strategy for
the SaaS cloud infrastructure.
Include the following in the deployment strategy:
Cloud topology where these techniques are employed.
8. Various techniques used by various components.
Include this description in the final report.
Step 9: Provide a Plan for Operations and Maintenance
In the previous step, the team adapted SaaS. In this step, the
team will plan for operations and maintenance.
To be completed by a designated team member:
Prepare a plan for operations and maintenance of the system.
The plan should also include:
An auditing plan to assess the strength of the security controls
for the data in transit.
A process for continuous monitoring of the data in transit.
Include this plan in the final report.
In the next step, the team will create a disposal plan.
Step 10: Create a Disposal Plan
In the previous step, the team developed a plan for operations
and maintenance. In this step, the team will create a disposal
plan.
To be completed by a designated team member:
Prepare a disposal plan for the system including tools and
techniques used for disposal.