Mitigating Common Vulnerabilities and Attacks Impacting Enterprise Web Applications

You are the Information Security manager in a medium-sized retail organization based in the capital of Saudi Arabia (Riyadh). Organizational success is based on your customers being able to purchase items securely through the company's website. Employees habitually make purchases without following company procedures.
You have been asked to assess if there are any company vulnerabilities that may impact purchases and come up with security recommendations that may minimize any website risks, threats, and vulnerabilities.
Mitigating Common Vulnerabilities and Attacks Directions
Write a paper that includes the following:
- A description of 3 major risks, 3 threats, and 3 vulnerabilities that are of concern for any security professional.
- Compare and contrast best practices you would recommend to mitigate these risks, threats, and vulnerabilities.
Keep in mind: your assessment is being graded on your ability to describe current risks, threats, and vulnerabilities in the retail industry in accordance with security goals. Use diagrams where appropriate.
- Your paper should be 4 pages in length, not including the title and reference pages.
- You must include a minimum of two credible sources in addition to information from your course textbook to support your writing.
- The course textbook is: Harwood, M. (2016). Internet security: How to defend against attackers on the web (2nd ed.). Burlington, MA: Jones & Bartlett Learning. ISBN 9781284090550
- Chapter 5 of the textbook discusses the risks, vulnerabilities, and threats that organizational websites face and presents "The Open Web Application Security Project Top 10 Threats" (OWASP Top 10). The chapter also describes best practices an organization has to take into consideration when it needs to make its business websites secure against attack, such as:
* Harden the network with the right tools and technologies.
* Document network security procedures and maintain them for updates and accuracy.
* Deploy the latest encryption strategies.
* Provide security training and education to users.
* Use preventive mitigation tools.