19 Cards in this Set
- Front
- Back
Trst |
Test |
|
Test |
Test |
|
Test |
Test |
|
Adding security here gets you the biggest bang for the buck. |
Weakest link |
|
What is it called when the failure of any one aspect of the system causes the entire system to fail? Secure systems do not have any of these. |
Single point of failure |
|
What is the level of confidence that the SW is free from vulnerabilities? |
SW Assurance |
|
What is a use case, structured like a legal case, that demonstrates the claim of SW Assurance? |
Assurance Case |
|
Using the principle of keeping things simple is related to what type of mechanism? |
Economy of mechanism |
|
What is the formula for SLE? |
SLE = asset value * exposure factor |
|
What information flow model preserves confidentiality and seeks to avoid conflict of interest by creating security domains? |
Brewer-Nash model (Chinese Wall) |
|
What key element of Trusted Computing can hold an encryption key that is only accessible via a special chip? |
TPM (Trusted Platform Module) |
|
The primary reason for incorporating security into the SW development lifecycle is to protect what? |
The corporate brand and reputation |
|
What authentication type is using something one knows? |
Knowledge based |
|
What authentication type is using something one has? |
Ownership based |
|
What authentication type is using something one is? |
Character based |
|
What framework can be used to develop a risk-based security architecture by determining security requirements after analyzing the business initiatives? |
SABSA (Sherwood Applied Business Security Architecture) |
|
Implementing IPSec to assure the confidentiality of data when it is transmitted is an example of which, risk mitigation or risk avoidance? |
Risk mitigation |
|
The process of removing private information from sensitive data sets is referred to as what? |
Anonymization |
|
What is the time period to get the interrupted service running again and what is the time to recover before the business fails? |
MTD (max tolerable downtime) is the time before the business fails and RTO (recovery point objective) is the time by which operations need to be restored