The purpose of this final assignment is for you to demonstrate your in-depth understanding of the security concepts covered thus far in this course. This assignment is a paper that both answers the listed questions and ties together concepts from different chapters.

The final is a formal academic paper in APA style. Include headings and subheadings to make it easy to follow the sections of your paper. There is no required length for this final paper. However, each answer needs to thoroughly address each aspect listed in the question.

 

Summary of Part III:

Chapters 12 and 13 explore some areas to help create and maintain a program for Architecture Risk Assessment (ARA) and threat modeling. Upper management needs to support the security standards. There are inevitable tradeoffs in business between rigorous security and delivering products to customers, so there needs to be a balance between the security standards and the time lag they can create on innovation and product delivery.

 

Content of Final Paper:

Respond to each question below. Remember to cover all aspects of the question.

 

Successful security architecture needs upper management support for effective security standards and protocols. However, there are possible disadvantages to upper management involvement. List and describe the tradeoffs in business between rigorous security and delivering products to customers. Go beyond merely the automated solutions, or the technical checks that can be done without much human support.

 

Examine how capturing, standardizing, and applying patterns and standard solutions help to increase efficiency and maintain delivery teams’ velocity. Provide at least 3 real-world examples that describe and examine how they provide the velocity. Do not simply provide a list of things teams can do; for each idea, define the idea and explain its relevance.

 

Schoenfield lists several components of a successful security architecture practice, such as broad support across the organization, recruitment and training of security architects with the right kind of aptitude and interest, effective security requirements that enhance but do not slow down the innovation process, and finally, indicators that the security architecture team is being well utilized and adding value to project development. Describe what each of these components is and explain how each is relevant to security development. Include detail and examples.