Security Assessment
- Expected duration
- 1 hour per team member
- Deadline
- 2359 on Lesson 40
- Points
- 20 points
Learning Objectives
- Employ software project management principles to mitigate risks
Help Policy
- Authorized Resources
- Any, except classmates working on other teams
- Notes
- Never copy another person’s work and submit it as your own
-
You must document all help received from all sources, including the instructor and instructor-provided course materials (such as the textbook)
Assignment
Your project team must develop a security risk assessment for your project. Specifically, you shall conduct a security risk analysis using the preliminary risk assessment process for security requirements in Figure 13.5 (Sommerville 2016). Report the following results from that analysis using lists for the following:
- assets with value and exposure descriptions,
- threats,
- controls with feasibility assessment, and
- specific security requirements.
Use the template in the project repository for the security assessment.
Submission
Create a pull request in GitHub for your security assessment. In Canvas, submit the URL for the pull request and include your documentation statement as part of your submission.
Only one person on each team should submit this assignment.
Grading
The following grading rubric will be used for this assignment:
- Superb (100%)
- Assets, threats, and controls articulated clearly without omissions; security requirements are complete
- Proficient (90%)
- Assets, threats, and controls articulated clearly, possibly with a minor omission; security requirements identified, but may be ambiguous or omit a minor requirement
- Competent (75%)
- Some assets, threats, and controls listed, but with minor omissions; security requirements are ambiguous or omit multiple minor requirements
- Marginal (50%)
- Some assets, threats, and controls listed, but with major omission; security requirements are ambiguous or omit major requirement
- Unsatisfactory (25%)
- Few assets, threats, and controls listed, but with major omissions; security requirements omit major requirements