Competency
In this project, you will demonstrate your mastery of the following competency:
- Use external testing methods to identify potential vulnerabilities
Scenario
You have been asked to present the Green Pace security policy guide and to provide implementation guidelines and recommendations for maintaining it in the future. The developers have been employing best practices and, as the team grows, it is critical that everyone remains in sync with those principles and best practices. Your job is to take the implicit policies that are applied daily in practice and explain how they have been standardized. You will explain your Green Pace security standards and policies, including the attack surface and the assumption that vulnerabilities exist. It is your job to demonstrate how the coding and architectural issues are organized using a set of 10 guiding security principles. You will demonstrate how you apply external testing methods to identify potential vulnerabilities by adding screenshots from your coding exercises and explaining how external testing methods will catch the vulnerabilities. You will be writing unit tests to check for the vulnerabilities using the unit testing framework for C++ in Visual Studio.
Your presentation will follow the format of the security policy. First, you will produce a matrix illustrating the threat levels for each of the vulnerabilities you covered in your policy document. Next, you will spend time going through each of the coding policy standards. Following the coding standards, you will cover the use of encryption and then explain how the Triple-A framework will be used and applied. Then you will discuss the risks and benefits of mitigating current issues, such as which ones should be addressed first and why. Finally, you will present a vision for the future of policy creation: based on current gaps, where should the focus be in preventing threats? What are ways to get in front of potential threats? Your final presentation will represent principles and best practices for coding and systems architecture for Green Pace developers.
Directions
You have been tasked with presenting your brand-new security policy to the whole development team. Your presentation contains policies, standards, principles, and best practices that help prevent the threat of potential security vulnerabilities in both code development and systems architecture.
Specifically, you will need to use the PowerPoint template provided in Supporting Materials and follow the steps outlined below to create a presentation. Your presentation will follow the outline by documenting your policies and demonstrating that they are clear, repeatable, and ready to implement. The security policy ensures compliance and is part of an overarching defense-in-depth strategy.
Follow the template by populating each of the slides and completing the threat matrix. The threat matrix will be used to frame your policy because it shows all of the coding vulnerabilities you have identified and how you view them as potential threats to the system. You will complete the matrix by adding each of the 10 coding standards using their reference numbers. In addition to completing the slide deck, you will prepare a script that you will read to produce a narrated presentation. Use the script template in the Supporting Materials to produce a narrated PowerPoint presentation. You may use a screen-capture program or the internal recording feature in PowerPoint. The script will become a transcript, which is necessary for accessibility.
- Title Page (1 slide)
  - Add your name to the template.
- Overview (2 slides)
  - Introduce your security policy. Summarize why it was needed and how it will be used to support the defense-in-depth best practice. (The slide already contains the illustration.)
  - Populate the Threats Matrix table and provide explanations to summarize all of your security risks.
  - Demonstrate how you can use automation to detect these coding vulnerabilities.
- Principles (1 slide)
  - List the 10 principles, and list the coding standards that apply to each principle. This shows the alignment between principles and standards.
- Coding Standards (1 slide)
  - List the 10 coding standards in priority order, and then explain your system of prioritization.
- Encryption Strategy (1 slide)
  - Summarize the policies for encryption in flight, at rest, and in use.
- Triple-A Framework (1 slide)
  - Summarize the policies that support authentication, authorization, and accounting.
- Unit Testing
  - Add a slide for each of the unit tests, adding points on how to take it a step further.
  - Show how to apply the unit testing frameworks.
- Automation Summary (1 slide)
  - DevSecOps Diagram: Explain where the security tools reside in the flow of automation. State which stages will contain security automation. For instance, when will the compiler be used?
- Risks and Benefits (1 or more slides)
  - State the problems, solutions, and the risks or benefits involved if you act now or decide to wait.
- Recommendations and Conclusion (2 slides)
  - Moving forward, explain your gap analysis of the existing security policy and future potential gaps and improvements. You will be graded on the quality of the supporting details you provide. Do you offer real-world examples to support your claims? If the explanation is logical, it will be considered proficient. If you provide evidence (e.g., a real-world example, link, or citation), you will exceed expectations.
    - What current gaps in the security policy still need to be addressed?
    - What standards should be adopted to prevent future problems?
- References (1 slide)
  - Any sources you cite throughout your presentation must be referenced using APA style.
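The Unit Testing slides ask you to show how a unit test catches a coding vulnerability before it reaches production. The following C++ example is added here as an illustration and is not part of the assignment materials or the Green Pace code base. It uses plain functions that return true on pass instead of the Visual Studio CppUnitTest macros (TEST_METHOD, Assert) so that it compiles with any C++17 compiler; the functions under test (safeCopy, checkedAdd, readAt) and the hostile inputs are hypothetical, constructed for the example. Each test feeds the function the kind of input an attacker would supply (an oversized string, a value that overflows a 32-bit integer, an index one past the end of a buffer) and checks that the code refuses it rather than corrupting memory.

```cpp
// Added example (not from the assignment page): unit tests that exercise
// three hypothetical functions with hostile input. Plain bool-returning
// tests stand in for Visual Studio's TEST_METHOD / Assert so the file
// builds anywhere.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>
#include <stdexcept>
#include <string>
#include <vector>

// Function under test: copy src into a fixed-size destination only if it
// fits, including the terminating NUL. Returns false instead of overflowing.
bool safeCopy(char* dst, std::size_t dstSize, const std::string& src) {
    if (dst == nullptr || dstSize == 0) return false;
    if (src.size() + 1 > dstSize) return false;   // would overflow dst
    std::memcpy(dst, src.data(), src.size());
    dst[src.size()] = '\0';
    return true;
}

// Function under test: add two signed values, refusing to wrap around.
bool checkedAdd(std::int32_t a, std::int32_t b, std::int32_t& out) {
    if ((b > 0 && a > std::numeric_limits<std::int32_t>::max() - b) ||
        (b < 0 && a < std::numeric_limits<std::int32_t>::min() - b)) {
        return false;                              // overflow detected
    }
    out = a + b;
    return true;
}

// Function under test: bounds-checked read; std::vector::at throws
// std::out_of_range instead of reading past the buffer.
int readAt(const std::vector<int>& v, std::size_t i) {
    return v.at(i);
}

// --- Unit tests: each returns true when the check passes ---

// Oversized input must be rejected and the destination left untouched.
bool testSafeCopyRejectsOverflow() {
    char buf[8] = "seed";
    std::string tooLong(64, 'A');                  // constructed hostile input
    bool ok = safeCopy(buf, sizeof buf, tooLong);
    return !ok && std::strcmp(buf, "seed") == 0;
}

// A string that exactly fills the buffer (7 chars + NUL) must be accepted.
bool testSafeCopyAcceptsExactFit() {
    char buf[8];
    return safeCopy(buf, sizeof buf, "1234567") &&
           std::strcmp(buf, "1234567") == 0;
}

// INT32_MAX + 1 must be reported, not silently wrapped to a negative value.
bool testCheckedAddDetectsOverflow() {
    std::int32_t out = 0;
    return !checkedAdd(std::numeric_limits<std::int32_t>::max(), 1, out);
}

// Ordinary addition must still succeed.
bool testCheckedAddNormal() {
    std::int32_t out = 0;
    return checkedAdd(40, 2, out) && out == 42;
}

// Reading one past the end must throw rather than return stale memory.
bool testReadAtThrowsOutOfRange() {
    std::vector<int> v{1, 2, 3};
    try {
        readAt(v, v.size());                       // index 3 is out of range
        return false;                              // no exception: test fails
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Stand-alone runner so the file can be compiled and executed directly.
int main() {
    struct NamedTest { const char* name; bool (*fn)(); };
    const NamedTest tests[] = {
        {"safeCopy rejects overflow",     testSafeCopyRejectsOverflow},
        {"safeCopy accepts exact fit",    testSafeCopyAcceptsExactFit},
        {"checkedAdd detects overflow",   testCheckedAddDetectsOverflow},
        {"checkedAdd normal case",        testCheckedAddNormal},
        {"readAt throws out_of_range",    testReadAtThrowsOutOfRange},
    };
    int failed = 0;
    for (const NamedTest& t : tests) {
        bool ok = t.fn();
        std::printf("%s: %s\n", ok ? "PASS" : "FAIL", t.name);
        if (!ok) ++failed;
    }
    return failed;                                 // non-zero fails a CI stage
}
```

In the DevSecOps flow this runner belongs in the build or test stage: a non-zero exit code blocks the pipeline, which is how a unit test becomes a security gate rather than a manual check. To port a test to Visual Studio, wrap the body in a TEST_METHOD and replace the returned bool with Assert::IsTrue.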
What to Submit
To complete this project, you must submit the following:
SCRIPT
Submit a written script, formatted as a Word document, that will serve as the transcript for the narrated presentation. Include the video link under your heading, which should include your name, the date, the assignment name (Project Two: Security Policy Presentation), and a link to your YouTube video.
NARRATED PRESENTATION
Submit a narrated presentation that has been saved as an MP4 and uploaded to YouTube so it may be shared. It is recommended to make your YouTube video unlisted (see article in Supporting Materials for guidance). Your presentation should demonstrate the use of external testing methods to identify coding vulnerabilities.