Description

There are five sections listed below with the revisions that need to be made. Please let me know if you need further clarification, thanks!

B. Goals, Objectives, and Rationale for New System
The response identifies 7 objectives and a rationale of the proposed new system. An accurate outline of the purpose, goals, objectives and rationale for the proposed new system recorded in Section 3 of the “Business Systems Design Report Document” is not clearly evident.

C. Factors Influencing Technical Design
The response identifies the ISO 27000 as a standard, several assumption and dependencies based on the proposed system. An accurate explanation of an additional standard and responses to the factors influencing technical design aspect in section 4 of the “Business Systems Design Report Document” are not clearly evident.

D. Proposed System
The response discusses 5 design phases of the proposed system. An accurate representation of the systems requirements (not design phases) and associated architectural design documentation (not a common criteria flow diagram), that reflects the proposed design and addresses requirements represented in the case study and the security assessment report in Section 5 of the “Business Systems Design Report Document” is not clearly evident.

E. DREAD Analysis
The response contains a DREAD analysis of 5 non-prioritized threats. A completed “DREAD Workbook” that includes an accurate prioritized list of a minimum of ten threats or risks to both hardware and applications is not clearly evident.

F. Analysis of Proposed System
The response includes a list of 5 risks and a list of 4 possible mitigation strategies. A prioritized list of the top 5 risks represented in the DREAD analysis with a description of each risk, and the associated risk mitigation or acceptance for “each risk” recorded in Section 6 of the “Business Systems Design Report Document” is not clearly evident.