You have been hired as a security professional for your company. You are to crea
Question
You have been hired as a security professional for your company. You are to create and implement a white box informal database security testing schedule for the organization. Create a paper that addresses the following:
1. Create a table that includes a rotating schedule for the 12 months of security testing. Include columns that identify time estimations for each test listed.
2. Create a planning and preparation checklist common to all security tests as a whole.
3. Identify any special planning and preparation needed for each test.
4. Identify the scope for each test and identify any special considerations that need to be addressed.
5. Create a list of at least five testing activities for each audit.
6. Provide recommendations for securing the database that are unique to Oracle.
7. Provide recommendations for securing the database that is unique to MySQL.
8. Provide recommendations for securing the database that is unique to SQL Server.
Explanation / Answer
To create and implement a white box informal database security testing schedule for the organization.
We should maintain the security planning in an organisation as follows:
The rotating schedule for the 12 months is as follows:

| Month | Jan | Feb | March | April | May | Total |
| --- | --- | --- | --- | --- | --- | --- |
| Days | 25 | 20 | 24 | 15 | 15 | 99 days |

It determines how many lines of code are being tested.
- Statement coverage
- Function coverage
- Functional coverage
- Branch coverage
- Decision coverage
Create a planning and preparation checklist common to all security tests as a whole.
- Developing a security team mission statement that will be used in a company or in an organization, with their goals.
- In order to make the security team more successful, we should try to learn to identify, understand, and manage customers.
- In order to better understand business goals, we should identify the market forces that drive the business at present.
- We should always make sure we understand how business is done and how business leaders develop strategy.
- Apply analysis to security vendors to make more informed purchase decisions.
- Understand hacker and attacker motivations and techniques in all aspects.
- Understand the assets and processes of the business that are most valuable to the business.
- Learn the strategic planning of kill chain and threat intelligence.
The purposes of security and roadmap development are:
- In order to align security with the corporate culture, we should understand the values and culture of your organization.
- Understand the current strengths, weaknesses, opportunities, and threats in the business.
- Identifying what needs to be done in the company or in an organisation.
- Identifying what should be done first in the business.
- Approaches to obtaining funding.
- Promoting the work of the security team.
- Developing effective metrics and dashboards in the business.
- Learning to innovate with the business so that it will be useful to business development.
Identify any special planning and preparation needed for each test
- Security managers must understand how to review, write, assess, and support security policy and procedures.
- We must understand the role of policy.
- We must know how to establish acceptable bounds for behavior in the company.
- We must know how to lead the employees to do the right thing.
- We must know how policy protects people, organizations, and information.
- We must know the relationship of the mission statement to policy.
- We must know policy versus procedure.
- We must know the policy needs assessment.
- We must know the governing policy.
- We must know the issue-specific policy.
- We must know the positive and negative tone.
- We must know how to use the SMART approach.
- Policy review and assessment process.
- We must know the role of psychology in implementing policy.
- We must know the organizational culture.
Identify the scope for each test and identify any special considerations that need to be addressed.
- We all must know about the leadership of developing the organisation.
- We should create and develop the entire working team.
- We should give the team better coaching and mentoring.
- We should always maintain the customer service focus.
- We should carry out conflict resolution.
- We should maintain effective communication.
- Leading through change.
- There must be relationship building within the team.
- Motivation and self-direction.
- There must be effective teamwork.
- There must be leadership development.
Create a list of at least five testing activities for each audit
- We should create the security plan for the CEO.
- We should understand business priorities.
- We must enable business innovation.
- We should work with the BYODs.
- We should maintain effective communication.
- We should know all about stakeholder management.
The recommendations for securing the database that are unique to Oracle are:
- Oracle Database leads the industry in security.
- In any business environment, company or big organisation, it is very informative and secure that the database itself be well protected.
- Oracle Database minimizes the costs of equipment, personnel, and training.
- Oracle Database minimizes delays and errors.
- Oracle Database maximizes rapid and thorough accountability.
The recommendations for securing the database that are unique to MySQL are:
- MySQL is a very secure database and it is used for securing the servers in a company or organisation.
- MySQL can disable or restrict remote access of end users.
- MySQL can prevent unauthorized reading from local files.
- MySQL can lower database privileges.
- The default administrator username on the MySQL server is "root", so the root username and password can be changed.
- MySQL comes with a test database intended as a test space. It can be accessed by the anonymous user, and is therefore used by numerous attacks.
- MySQL can remove anonymous and obsolete accounts.
- MySQL can lower system privileges, and it can increase database security with role-based access control.
The recommendations for securing the database that are unique to SQL Server are:
- With the help of SQL Server we can encrypt the database backups.
- Using SQL Server, we can secure the database backup folder by removing unwanted users.
- As a SQL Server security best practice, everyone should use Windows Authentication to connect to SQL Server for better security.
- Make the system administrator account's password complicated.
- Using SQL Server, we can audit failed logins to SQL Server.
- Using SQL Server, we can turn off the SQL Server Browser service.
- Using SQL Server, we can disable features such as XP_CMDSHELL, OLE AUTOMATION, OPENROWSET and OPENDATASET.
- Using SQL Server, we can decrease privileges for the SQL Server service account.
| No. | Test | Months | Time estimate | Description |
| --- | --- | --- | --- | --- |
| 2 | Security misconfiguration testing | June and July | 50 | This is done when a safeguard for the application is assembled incorrectly. This is done because unauthorized access occurs on the default account. |
| 3 | XSS testing | August and September | 56 | This test is performed to find whether the attacker uses the application to send malicious code which is stored in the server. |
| 4 | Insecure direct object testing | October | 18 | This is done when a direct object reference occurs, that is, when a developer leaks a reference to an interior implementation object, like a database key, without authentication. |
| 5 | Penetration testing | November and December | 45 | This is the testing of computer networks, systems and applications to find vulnerabilities. |
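
The MySQL recommendations above (remote access, reading local files, the root username, anonymous accounts, the test database) can be run as a white-box configuration audit. The following is an added example, not part of the original answer; the sample my.cnf, account rows, database list and finding names are constructed for illustration.

```python
import configparser

# Constructed sample inputs for illustration (not from the original page).
SAMPLE_MY_CNF = """\
[mysqld]
bind-address = 0.0.0.0
local_infile = 1
skip-name-resolve
"""
# Rows as returned by: SELECT user, host FROM mysql.user
SAMPLE_ACCOUNTS = [("root", "%"), ("", "localhost"), ("app_ro", "10.0.0.5")]
# Names as returned by: SHOW DATABASES
SAMPLE_DATABASES = ["information_schema", "mysql", "test", "shop"]

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
OFF = {"0", "off", "false"}


def audit_mysql(cnf_text, accounts, databases):
    """Check a my.cnf plus account and database listings against the MySQL items above."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",))
    cp.read_string(cnf_text)
    section = cp["mysqld"] if cp.has_section("mysqld") else {}
    # MySQL treats '-' and '_' in option names as equivalent; normalise to '-'.
    opts = {k.replace("_", "-"): (v or "").strip().lower() for k, v in section.items()}
    findings = []

    # Remote access: without skip-networking, an absent bind-address listens on all interfaces.
    if "skip-networking" not in opts and opts.get("bind-address", "*") not in LOOPBACK:
        findings.append("remote_access_enabled")
    # LOAD DATA LOCAL: the default was ON before MySQL 8.0, so require an explicit off.
    if opts.get("local-infile", "unset") not in OFF:
        findings.append("local_infile_not_disabled")
    for user, host in accounts:
        if user == "":
            findings.append(f"anonymous_account@{host}")
        elif user == "root":
            findings.append(f"default_root_username@{host}")
        if host == "%":
            findings.append(f"wildcard_host:{user or 'anonymous'}")
    if "test" in databases:
        findings.append("test_database_present")
    return findings


if __name__ == "__main__":
    for finding in audit_mysql(SAMPLE_MY_CNF, SAMPLE_ACCOUNTS, SAMPLE_DATABASES):
        print("FINDING:", finding)
```

An empty result means none of the five checks fired; it does not cover privileges granted inside the server, which need a separate review of the grants.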