Suppose that you are currently employed as an Information Security Manager for a medium-sized software development and outsourcing services company. The Software Development Director has asked you to provide a detailed analytical report for her department regarding the most common web application threats and the manner in which their products could compromise customer financial data.
She wants your recommendations on which threats and/or vulnerabilities the company should focus on and your recommendation for mitigation. The products in question use Microsoft SQL Server databases and IIS Web servers.
Write a paper with no less than five pages in which you:
- Analyze the common threats/vulnerabilities to data systems such as web applications and data servers. Speculate on the greatest area of vulnerability and potential for damage and/or data loss of such data systems.
- Devise at least one attack scenario, as an example, where a hacker could use the area of vulnerability that you chose above in order to gain access to a network or sensitive data. Examine the primary ways in which the hacker could execute such an attack, and suggest the strategic manner in which a security professional could prevent the attack.
- Explore the primary role that the human element could play in adding to the attack scenario, if appropriate. You may wish to decide if the human component is critical in protection from that type of attack.
- Draw specific lessons and recommendations as part of the conclusion, and have a strong concluding paragraph. Be sure to revise your introduction to reflect what the paper accomplished once you finish your first draft.