You assessed the security vulnerabilities of a business application and how to address them. In last week’s lab, you determined and configured the roles that are needed for application development and deployment. In this assignment, you apply what you have learned by assessing security aspects related to the implementation of your chosen application.
Preparation
Research security-related issues for implementing your chosen software including policies regarding implementation and management as well as integration with an existing system.
Instructions
Do the following:
Describe the human resources (roles and skills) required to both implement and manage your chosen software effectively. Include the permissions/access configurations for which each role should be provisioned.
Explain the importance of 3 security policy considerations for integrating the app with existing internal systems.
Assess how well the application addresses the following areas. Provide specific examples for support.
Access Control
Data & personnel isolation
Zero trust
This course requires the use of Strayer Writing Standards (SWS). The library is your home for SWS assistance, including citations and formatting. Please refer to the Library site for all support. Check with your professor for any additional instructions.
The specific course learning outcomes associated with this assignment are:
Evaluate application technologies and the security issues associated with them.
Define processes for ensuring web application security.
Sample Answer
This is a comprehensive security assessment focused on the implementation, management, and integration of a business application. Since the specific application is not named, I will use a common scenario: implementing a new Customer Relationship Management (CRM) application (e.g., Salesforce, Dynamics 365) within an existing corporate network.
Human Resources, Roles, and Access Control
Effective implementation and management of a new CRM application require a dedicated team with overlapping technical and security skills. The following table describes the necessary roles and their corresponding access configurations, adhering to the principle of least privilege.
Security Policy Considerations for Integration
Integrating the new CRM application with existing internal systems (e.g., an Enterprise Resource Planning (ERP) system or a financial database) introduces significant security risks at the connection points (APIs, middleware). Three critical security policy considerations must be defined:
Strict API Authentication and Authorization Policy:
Importance: Integrations often use APIs or service accounts, which, if compromised, can grant wide access to both systems simultaneously. This policy mandates that all integration endpoints use modern, strong authentication (e.g., OAuth 2.0 or mutual TLS). Authorization must enforce least privilege, ensuring the CRM's integration account can only read customer names from the ERP but cannot modify inventory or access HR data, even if the API technically allows it. This limits the blast radius of a credential compromise.
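The two-layer check this policy describes (a strong token on the connection, plus least-privilege authorization on the ERP side) can be expressed as a small deny-by-default policy evaluator. This is an added example, not code from the assignment or from any CRM or ERP product; the service-account names, scopes, resources and field names are constructed for illustration.

```python
# Added example, not code from the assignment or from any CRM/ERP product.
# Service-account names, scopes and resources below are constructed.
from dataclasses import dataclass, field

# Fine-grained policy on the ERP side: (resource, action) -> allowed fields
# (None means every field). Anything absent is denied, regardless of which
# endpoints the ERP API technically exposes.
POLICY = {
    "svc-crm-integration": {("customers", "read"): {"id", "name"}},
    "svc-warehouse-sync": {("inventory", "read"): None, ("inventory", "write"): None},
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    fields: frozenset = field(default_factory=frozenset)

def authorize(token: dict, resource: str, action: str, requested_fields=()) -> Decision:
    """Deny by default. `token` is the already-verified OAuth 2.0 introspection
    result (sub = service account, scope = space-separated grants)."""
    principal = token.get("sub", "")
    scopes = set(token.get("scope", "").split())
    # Layer 1: the bearer token itself must carry a scope for this call.
    if f"{resource}:{action}" not in scopes:
        return Decision(False, f"token lacks scope {resource}:{action}")
    # Layer 2: the ERP's own policy for this principal must grant it as well.
    grants = POLICY.get(principal, {})
    if (resource, action) not in grants:
        return Decision(False, f"{principal} has no grant for {action} on {resource}")
    allowed = grants[(resource, action)]
    requested = set(requested_fields)
    if allowed is None:
        return Decision(True, "full-field grant", frozenset(requested))
    over_ask = requested - allowed
    if over_ask:
        return Decision(False, f"fields outside allow-list: {sorted(over_ask)}")
    return Decision(True, "field-limited grant", frozenset(requested or allowed))

# Constructed sample: a token minted for the CRM integration account. It also
# carries inventory:write (an over-broad scope issued by mistake); layer 2
# still blocks the write, which is the blast-radius limit the policy is after.
CRM_TOKEN = {"sub": "svc-crm-integration",
             "scope": "customers:read inventory:write"}

if __name__ == "__main__":
    print(authorize(CRM_TOKEN, "customers", "read", ["name"]))
    print(authorize(CRM_TOKEN, "inventory", "write"))
    print(authorize(CRM_TOKEN, "hr_records", "read"))
```

Denied decisions carry a reason string so the ERP side can log which layer refused the call, which is the signal an incident responder wants when an integration credential starts asking for data it never needed.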