WEEK 4 VLAB 2 SCREEN SHOTS
Once an organization has identified a known vulnerability, what recourse does the
a. There are 3 options: No disclosure (keep all details a secret), Partial disclosure (
give enough information for end users and bus
WEEK 3 VLAB 2 ASSESSMENT
1. With what section of SOX would the IT professional deal the most, and why?
SECTION 404, it deals with internal control
Under HIPAA, when is a health care provider required to notify all patients and the
Department of Health
WEEK 4 VLAB 1 ASSESSMENTS
1. How does Skipfish categorize findings in the scan report?
As high risk flaws, medium risk flaws, and low issue scans.
2. Which tool used in the lab is considered a static analysis tool? Explain
what is referred to
Class IS 3445
1. Identify the four recognized business functions and each security practice of OpenSAMM.
Governance, construction, verification, and deployment.
2. Identify and describe the four maturity levels for security practices in SAMM.
0 implicit s
WEEK 5 VLAB 2 ASSESSMENT
1. List and briefly describe the training phase of the Security Development
Everyone involved in the project should understand secure programming
principles and attend at least one security-focused training course
WEEK 4 VLAB 2 ASSESSMENTS
1. Based on your research, what are the first steps that an organization
should follow after it
has identified a known vulnerability?
a. Once a vulnerability is discovered in a production system, the company
should notify all user