Answer the following questions.
1. (15 pts.) Bonner Company has hired you as a senior software designer and you have been tasked to
solve a challenging problem for the company. The customer, Dr. See of Crypto Company wants you
to resolve an issue for his company; how can he secure his data at rest and in motion for his system
software security system. What is your plan to resolve this request?
2. (20 pts.) Bonner’s company has a new assignment for you; to develop a Test Evaluation Master Plan (TEMP) with assurance built into it for the four (4) phases of a lifecycle (Analyze/Select, Obtain, Implementation and Sustain) for a new secure software system. You have been directed to provide the following deliverables to the customer:
(good reference for this question is: http://www.acqnotes.com/acqnote/careerfields/test-and-evaluation-master-plan-temp )
a) The TEMP must provide the ____________________ required for _______, _______, and ___________. (4 pts.)
b) The TEMP should be completed before the start of what lifecycle phase? (4 pts.)
c) Secure Assurance should be part of what two (2) most important tests in the product lifecycle and discuss why?(4 pts)
d) Using the answer to question c), discuss in detail which additional tests/or process would support your choice of the two (2) tests? (8 pts.)
3. (15 pts.)You just been hired by Bonner Company as the new Program Manager for their development of a new secure phone for an unnamed customer. You have been requested to perform the following functions as the new Program Manager:
a) Control what two (2) areas of the program? ______and ________ (2 pts.)
b) Develop a secure process as part of the Software Program Management Plan Outline (10 pts.)
c) Develop a Secure Software Configuration Plan Outline (3 pts.)
4. (20 pts.) Essay Question: Secure software certification. Your present company (fictional company-make-up one) is at EAL4. You are the new program manager on this effort and your job is to bring your present software secure package to EAL7. Explain to me your management plan on upgrading your present software package from EAL4 to EAL7. Your management plan should include discussing your past documentation (how did you get to EAL4), the difference between EAL4 and EAL7, what additional paperwork will be needed to reach EAL7 certification, and finally, define your risk based on reusing software code for this migration from EAL4 to EAL7 certification.