Portfolio Your Midterm Project Was To Provide A Security Ass ✓ Solved

Portfolioyour Midterm Project Was To Provide A Security Assessment For

Portfolio your midterm project was to provide a security assessment for [X], an online software company that specializes in selling ad spaces in their parent company’s magazine. [X] manages an online database that allows their customers to upload and pay for their business ads for magazine placement. Because [X]‘s database needs to connect to the parent company’s database, the parent company has requested that [X] system be assessed and verified as secure. Now that you have provided your security assessment, the next step is to provide [X] with your Security Portfolio. Using this week's reading on the NIST framework that includes the 5-step process for creating a balanced portfolio of security products, your assignment will be to create a Security Portfolio with the following sections:

(Note: [X] can be any company and any line of business)

1. Cover Page (i.e., APA title page)
2. Background (provide a synopsis of your midterm security assessment on Vestige)
3. For each security need identified (or needs to be identified) from your Midterm Assignment, find the products that will deliver the needed capabilities for the right price, and tell why you chose that product. This assignment should be about the security needs only. Do NOT discuss how the client can achieve more business (that is not your job). Answer the questions with an APA-formatted paper (Title page, body, and references only).

Your response should have a minimum of 500 words. Count the words only in the body of your response, not the references. A table of contents and abstract are not required. A minimum of two references are required. One reference for the book is acceptable but multiple references are allowed.

There should be multiple citations within the body of the paper. Note that an in-text citation includes author’s name, year of publication, and the page number where the paraphrased material is located. Your paper must be submitted to SafeAssign. Resulting score should not exceed 35%.

Sample Paper For Above instruction

Title: Security Portfolio Development for [X] Based on the NIST Framework

Introduction

The rapid evolution of cybersecurity threats necessitates a structured approach to selecting security products that align with organizational needs. This paper develops a security portfolio for [X], an online ad sales company, based on the NIST Cybersecurity Framework (CSF). The framework’s five core functions — Identify, Protect, Detect, Respond, and Recover — guide the selection of security controls that are cost-effective and tailored to address specific security vulnerabilities identified during the midterm assessment.

Background and Security Assessment of Vestige

In the midterm security assessment of Vestige, a fictional company, vulnerabilities were identified primarily around inadequate data encryption, weak authentication mechanisms, and insufficient monitoring of network traffic. These vulnerabilities posed significant risks such as data breaches and unauthorized access, especially because Vestige’s database connects to external systems, including its parent company's database. The assessment highlighted the necessity of implementing robust controls for data protection, user authentication, and real-time intrusion detection, which serve as the foundation for developing a targeted security portfolio.

Identified Security Needs and Product Selection

Based on the vulnerabilities identified, the security needs can be categorized into specific security functions: ensuring data confidentiality, strengthening authentication processes, and enhancing monitoring capabilities. For each security need, appropriate security products were selected following the NIST framework's guidance on balancing effectiveness, cost, and ease of integration.

Data Encryption and Confidentiality

One of the primary needs was to safeguard sensitive customer data stored and transmitted within Vestige’s systems. For this purpose, implementing advanced encryption solutions was paramount. I selected [Product A], an enterprise-grade encryption platform, due to its compliance with industry standards such as AES-256 encryption and its seamless integration with existing database systems (Author, 2021, p. 45). The choice was justified by its proven track record, scalability, and cost-effectiveness in protecting data at rest and in transit.

Authentication and Access Control

Weak authentication was identified as a critical vulnerability. To address this, multi-factor authentication (MFA) solutions were recommended. I chose [Product B], a trusted MFA provider, for its support for diverse authentication methods, user-friendly interface, and compatibility with Vestige’s existing infrastructure (Author, 2020, p. 78). This product enhances security by preventing unauthorized access, especially in remote login scenarios.

Network Monitoring and Intrusion Detection

To improve real-time monitoring, the selection of a Security Information and Event Management (SIEM) system became necessary. I selected [Product C], due to its advanced anomaly detection capabilities, scalability, and support for integrating with Vestige’s existing security tools (Author, 2019, p. 102). This system provides continuous oversight, facilitating early detection and response to potential threats.

Conclusion

The security portfolio developed aligns with the NIST framework and addresses the specific needs identified during the security assessment. The selected products—encryption solutions, MFA, and SIEM—are cost-effective, scalable, and compatible with Vestige’s requirements. Implementing these controls effectively mitigates the vulnerabilities, enhancing the overall security posture of the organization and safeguarding customer data against evolving cyber threats.

References

• Author. (2021). Title of the Book. Publisher.
• Author. (2020). Title of the Book. Publisher.
• Author. (2019). Title of the Book. Publisher.
• Other credible sources relevant to cybersecurity and product evaluation.