Ictnwk510 Develop Implement And Evaluate System And Application Security

Assessment Description

This is a practical task. You will be required to develop, implement and evaluate system and application security. Your assessor will observe your ability to undertake following tasks in a simulated environment. Ask your trainer for further guidance on your assessment task, submission procedure and timeline.

Part A – Develop system and application security

1. Identify enterprise ICT system or application security policies.
2. Identify security requirements for the ICT system or application.
3. Write an ICT system or application security plan according to the enterprise and ICT system or application security policies.
4. Identify standards that will apply to the ICT system or application.
5. Identify criteria for performing risk-based audits against the ICT system or application.
6. Develop processes and procedures to mitigate the introduction of vulnerabilities during the engineering process.
7. Integrate applicable information security requirements, controls, processes, and procedures into ICT system and application design specifications according to requirements already established in earlier steps.

Part B – Implement system and application security

1. Execute enterprise and ICT system or application security policies.
2. Apply and verify compliance with the standards against which to engineer the ICT system or application (identified in part A).
3. Perform processes and procedures (developed in earlier step) to mitigate the introduction of vulnerabilities during the engineering process.
4. Perform secure configuration management practices.
5. Validate (check) that the engineered ICT system and application security controls meet the specified requirements (identified in part A).
6. Re-engineer security controls to mitigate vulnerabilities identified during the operations phase.
7. Ensure integration of information security practices throughout the SDLC process.
8. Document ICT system or application security controls addressed within the system.
9. Explain or demonstrate how you would practise secure coding within the context of the security policies you have developed and implemented.

Part C – Evaluate system and application security

1. Review new and existing risk management technologies to achieve an optimal enterprise risk posture.
2. Review new and existing ICT security technologies to support secure engineering across the SDLC phases.
3. Explain or demonstrate how to continually assess the effectiveness of the information system controls based on risk management practices and procedures.
4. Assess and evaluate system compliance with corporate policies and architectures.
5. Assess system maturation and readiness for promotion to the production stage.
6. Collect lessons learned from integration of information security into the SDLC and use to identify improvement actions.
7. Collect, analyse and report performance measures.