You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The client has identified that it will also be required to track software being used on the company
network. Once again it must be possible to add, view, edit, or delete this asset data.
As before, a unique identifier should be automatically generated for each asset. For now, it would be
sufficient to store data about the operating system name, version, and manufacturer. The client
would like your software to get this data automatically from the system on which it is running. It
should also be possible to link hardware assets with software assets, allowing the client to
determine where software is installed. The current date should be automatically associated with the
link.
For both hardware and software assets, it would be useful if errors in data could be prevented, or
identified and corrected, at the point of entry. Because of security concerns access to the system
must be controlled and any user must be authenticated with an email address and password. Pre-
configured credentials may be used but must be stored securely. Reasonable precautions should be
implemented to ensure the system functions reliably and securely.
The client envisions that asset data will assist in identifying vulnerable assets, which will allow the
information technology department to act. Because it is difficult for the client to track when assets
become vulnerable to new exploits, the system must provide a feature to search for vulnerabilities
to assets in an online database. The security consultant has advised that the NIST National
Vulnerability Database (NVD)1 would be suitable for this purpose. The system should allow checking
a software asset (i.e., operating system) version against the NVD and listing relevant information if a
high or critical severity vulnerability is found.
The client has identified that it will also be required to track software being used on the company
network. Once again it must be possible to add, view, edit, or delete this asset data.
As before, a unique identifier should be automatically generated for each asset. For now, it would be
sufficient to store data about the operating system name, version, and manufacturer. The client
would like your software to get this data automatically from the system on which it is running. It
should also be possible to link hardware assets with software assets, allowing the client to
determine where software is installed. The current date should be automatically associated with the
link.
For both hardware and software assets, it would be useful if errors in data could be prevented, or
identified and corrected, at the point of entry. Because of security concerns access to the system
must be controlled and any user must be authenticated with an email address and password. Pre-
configured credentials may be used but must be stored securely. Reasonable precautions should be
implemented to ensure the system functions reliably and securely.
The client envisions that asset data will assist in identifying vulnerable assets, which will allow the
information technology department to act. Because it is difficult for the client to track when assets
become vulnerable to new exploits, the system must provide a feature to search for vulnerabilities
to assets in an online database. The security consultant has advised that the NIST National
Vulnerability Database (NVD)1 would be suitable for this purpose. The system should allow checking
a software asset (i.e., operating system) version against the NVD and listing relevant information if a
high or critical severity vulnerability is found.
Software Assets
Error Checking
Adding Employee Login
NIST Vulnerability Database
The client also wants to link the project in with the NIST NVD.
The text was updated successfully, but these errors were encountered: