LAB #7: Security Controls (100 pts)
Using the security controls reviewed last week (STIG documents, the OWASP-10, and CIS), select five (5) security controls from at least two of those security control frameworks. Perform an assessment of their compliance and make as much progress as is practical to implement each control, recognizing that many of the follow-on steps are beyond the scope of our environments; in these cases, make sure to describe what you did to evaluate, what you did to mitigate, and what would still require action to fully comply.

Use the Security Controls Synopsis template for each control. Each control should get 1-2 pages of attention, resulting in a single PDF that contains 5-10 pages.

Address meaningful controls applicable to your target environment, which for most of you will be your LAMP stack, but if you’re feeling adventurous, you can choose to use a real-world system or a pet project as the target, so long as it is applicable to the type of security controls we’re focusing on within Data & Application Security.
• Do not include work done as part of your job.
• Do not include repeats (same topic from two control frameworks).
• Don’t use more than one control that is mostly “Not Applicable”.
• Treat this as a work deliverable: use critical thinking and check your writing/spelling for completeness. This synthesizes all we’ve studied in this course as well as your prior knowledge and coursework.