Question

Using the two STIG documents, the OWASP-10, and CIS-20, select five (5) security controls from at least two of those security control frameworks. Perform an assessment of their compliance and make as much progress as is practical to implement the control, recognizing that many of the follow-on steps are beyond the scope of our environments; in these cases, make sure to describe what you did to evaluate, what you did to mitigate, and what would still require action to fully comply. Use the Security Controls Synopsis template for each control. Each control should get 1-2 pages of attention, resulting in a single PDF that contains 5-10 pages. Address meaningful controls applicable to your target environment, which could easily be your LAMP stack, but if you’re feeling spry, you can choose to use a real-world system or a pet project as the target, so long as it is applicable to the type of security controls we’re focusing on within Data & Application Security. Do not include repeats (same topic from two control frameworks) and don’t use more than one control that is mostly "Not Applicable". Treat this as a work deliverable: use critical thinking and check your writing/spelling for completeness.

Answer 1

The project entails selecting, assessing, and implementing five security controls from the STIG, OWASP-10, and CIS-20 frameworks, followed by a detailed synopsis including compliance checks and mitigation efforts. The document also includes a reflective summary and conclusion, capturing the overall approach, progress, and personal learning outcomes related to both technical security aspects and written communication skills.

Step-by-step explanation:

The task requires selecting and assessing five security controls from the STIG documents, OWASP-10, and CIS-20 frameworks and detailing the assessment and implementation stages within a Security Controls Synopsis template. This is part of a Data and Application Security project, which could involve a LAMP stack or a real-world system. The assessment should encompass compliance checks, mitigation efforts, and identification of further actions required for full compliance, all compiled into a substantial, professional document. The document will also contain a summary and conclusion section that outlines the overall scope, approach, and findings of the project, shedding light on the evaluation of the scholarly and non-scholarly information gathered during the research.

In drawing up the document, one would focus on critical thinking and maintaining a professional standard of writing, ensuring completeness and accuracy. This would involve a reflective process, pinpointing one's capabilities and areas for improvement, illustrated with specific examples from the assignment. When reviewing the benchmarks for 'Skillful' Critical Language Awareness, one should consider how well the assignment objectives have been met and how they have contributed to an understanding of both the technical subject matter and the writing process itself.