Software Security Maturity Models: A Source Review
Jun 20, 2026 · 6 min read · software security bsimm owasp samm isa-cmm secure development information assurance
Building Security in Maturity Model (BSIMM)
The Building Security in Maturity Model (BSIMM) is a guideline that outlines 113 activities organized into 12 different sections which assist in the software security framework. The document is broken into two parts. The …
Comparing BSIMM and SAMM Software Security Models
Jun 19, 2026 · 31 min read · software security bsimm owasp samm capability maturity model information assurance secure development
The role of the information assurance security program, as described by Sadiku, Alam, & Musa (2017), is the practice of protecting and defending information systems by ensuring their availability, confidentiality, integrity, authentication, and non-repudiation. …
Applying the ISA-CMM: A Cloud E-Store Case Study
Jun 18, 2026 · 4 min read · isa-cmm information assurance cloud security aws security assessment capability maturity model
Company A (CA) is a major supplier of satellite imagery to commercial, federal and defense vertical markets. The organization launched an e-commerce website on the Internet, or e-store, enabling customers to navigate, review and purchase satellite imagery. This applied …
Security Risk Assessment: Essential Reference Sources
Jun 17, 2026 · 5 min read · security risk assessment risk analysis fair methodology information security risk management information assurance
Measuring and Managing Information Risk: A FAIR Approach
This book assists the reader in understanding how to put to use the Factor Analysis of Information Risk (FAIR) methodology. The book consists of topics on measuring and managing information risk and provides …
Social Engineering Tactics Behind a $24,000 Heist
Jun 16, 2026 · 2 min read · social engineering penetration testing physical security two-factor authentication security awareness information security
Reflecting on the readings and video, a few actions stuck with me. The first is that social engineering is a critical skill to gain access to information in organizations. I have received many cold calls over the years with interest in collecting information about the …
Full Content Data in Network Security Monitoring
Jun 7, 2026 · 3 min read · network security monitoring full content data intrusion detection incident response packet capture information security
Security is the method of keeping an acceptable level of risk. The security process revolves around four steps: assessment, protection, detection, and response as described by Bejtlich (2004). The step of the process, assessment, is a groundwork needed for the other …
Security Risk Assessment: Planning and Key Metrics
Jun 6, 2026 · 4 min read · security risk assessment security metrics risk analysis information assurance project planning information security
The security assessment considerations, as described by Landoll (2016), include six phases at a high level. The phases are the project definition, the project preparation, gathering the data, analyzing the risk, mitigation of risks and the recommendations or …
Security Awareness Training and ISA Capability Maturity
Jun 5, 2026 · 3 min read · security awareness information assurance security training isa-cmm security policy information security
Technology is constantly changing. Security technology is getting better and making jobs easier as described by Peltier (2013). Bad actors continue to cause issues no matter what new security is introduced. It is a constant cycle. Security awareness includes many …
Alert Data and NSM Tools for Intrusion Detection
Jun 4, 2026 · 3 min read · alert data network security monitoring intrusion detection nsm tools ids information security
The Network Security Monitoring (NSM) data types previously discussed are full content data (FCD), session data and statistical data. The result of an NSM specific data is to identify decisions based on views of network traffic. The NSM tool assists the analyst(s) …
Planning an Affiliate E-Commerce Catalog Business
Jun 3, 2026 · 41 min read · affiliate marketing e-commerce management information systems enterprise systems it infrastructure business plan data management
Katalogs Plus is a new business planning to launch in the next year. The company mission is to build e-commerce mobile applications and websites that sell merchants' products and services. Affiliate marketing product and service data feeds will be used to generate …