The Rest of the resources and instructions are provided in the screenshots below. You will need the Project overview to complete this assignment.
Project Overview
This project includes the following tasks:
- Gather product information
- Analyze and differentiate product vulnerabilities
- Recommendation based on empirical data collection
Objective: Product Selection Recommendation
Organizations depend on cybersecurity professionals to evaluate technologies and products. Organizations may use the analysis to make purchasing recommendations or to establish equipment and deployment standards. Product analysis is a workplace skill that is universal throughout the business community. Evaluating technologies and products helps to ensure that the workplace environment remains secure.
As stated in the NIST Special Publication 800-36, product selection involves people throughout various departments within the organization. Each person involved in the product selection process must understand the importance of security.
In evaluating various products and technologies, the organization analyzes identified threats and vulnerabilities as part of the selection process.
Common Vulnerabilities and Exposures (CVE) provides common names (also called CVE Identifiers) for publicly known cybersecurity vulnerabilities. CVE’s provide reference points so that information security products and services have a common baseline for evaluation. CVE makes it easier to share data about tools, repositories, and services.
The CVE Details website allows individuals to perform a deep analysis in comparing technologies.
When selecting products and technologies, the organization’s team needs to consider the threat environment and the security functions to lessen the risks to an acceptable level.
Website Links
NIST Guide to Selecting Information Technology Security Products