As a Cyber Security Risk Analyst, you have been tasked with a new project. You are to conduct a qualitative cyber security risk assessment for a cloud based software service. In addition, you will outline mitigation strategies for all of the risks you have identified for the existing version of the service. Finally, you will propose a process for integrating risk assessment into a software development life cycle. After the project is completed, your hope is to publish a case study to be used as a model for academia and/or for organizations by submitting the case study to a peer-reviewed cyber security or information security journal.

For Assignment purposes, select a multi-layered (presentation layer, business layer and database layer) Web-based open source project. Assume that the presentation layer resides on a dedicated server in the company’s DMZ. The other two layers of the software are behind the corporate firewall and can reside on one or two dedicated servers. The Web application is accessible from the Internet and is browser based. Firefox, Chrome, Internet Explorer, and Safari are the supported browsers, or you have the option to use a multi-layered application that you have access to. However, notify your instructor if this is the case and explain the situation.

Conduct a qualitative cyber security risk assessment on the software product/service. This can include internal and external risks. Do not forget to consider what programming languages are used and some of the inherent risks for the particular programming language(s). The same goes for the database, Web server used, etc. You must identify at least five cyber risks. In addition, outline mitigation strategies for all the cyber risks you have identified. Finally, describe a software development life cycle type and explain how to integrate risk assessment into every phase of it.

Your Assignment should be at least 5–6 pages of content (exclusive of cover sheet etc.), using Times New Roman font style, 12pt, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s). If applicable, be sure to document your content with proper APA in text citations that match your reference list. You can have more than one table and more than one figure; however, they must be fully explained.

You must support your research and assertions with at least three credible sources. You may use peer-reviewed articles, trade magazine articles, or IT research company (Gartner, Forrester, etc.) reports to support your research