Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/50

Click to flip

50 Cards in this Set

  • Front
  • Back
What is the Take-Grant Model?
uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another object.
What is the Bell-LaPadula model?
developed to formalize the US DoD multi-level security policy. Deals only with the confidentially of classified material and does no address integrity or availability.
The basic tenets of Bell-LaPadula model can be summed up in which way?
no read up, no write-down
What is meant by the property Strong* Property
that reading or writing is permitted at a certain sensitivity level but not at either higher or lower sensitivity.
What is the Biba model
The first formal integrity model it is lattice based and uses the less than or equal to relation
The basic tenets of the Biba model can be summed up in which way?
no read-down, no write-up
What does the Clark Wilson model require to function?
Integrity models
What constitutes a triple in the Operational Security domain?
Threat, vulnerability and assets
What is the difference between a threat and a vulnerability?
A vulnerability is a weakness in a system whereas a threat is any potential event that could affect how the system functions
What are the major categories of operations security controls
preventative, detective and corrective
Give an example of a preventative control
High walls or dogs
Give an example of a detective control
Audit trails or access control lists
Give an example of a corrective control?
backup tapes, redundancy arrays or continuing operations facilities
What are administrative controls and what separates them from operational controls?
they are installed and manged by administrative personnel to help reduce the threat or impact of violations in a computer system. They are separated because they have more to do with human personnel.
What are the three basic levels of privilege?
Read, Read/Write, Change
What are some things that can destroy data media?
temperature liquids, magnetism, smoke and dust
What is the difference between auditing and monitoring?
auditing occurs at a fixed moment in time whereas monitoring is ongoing
What is a clipping level?
a baseline of user activity that is considered a routine level of user errors.
What is the goal of problem management?
reduce the failures to manageable level, prevent occurrence or reoccurrence of a problem, mitigate the negative impact of problems
What are three was to thwart traffic analysis attacks?
message padding, sending noise, cover channel anaylsis
What are two types of data scavenging attacks?
keyboard attacks, laboratory attacks
What are the phases of system development life cycle?
initiation, development/acquisition, implementation, operation/maintenance/disposal
What is the waterfall model?
a sequential model where inputs from previous phases are incorporated into the next phase
What is the spiral model
operates under the assumption that the same steps are taken at each phase of the product development lifecycle
In the spiral model what does the lower-left quadrant focus on?
developing plans that will be reviewed in the upper quadrants of the diagram prior to finalization of the plans.
In the detailed COCOMO Model what is the software development effort measured by?
external input types, external output types, logical internal file types, external interface file types, external inquiry types
Describe the following equation

MM= 2.4 (KDSI)^1.05
Man months = 2.4 times the number of thousands of delivered source instructions raised to the 1.05 power
Describe the following equation:

TDEV =2.5(MM)^.38
Development Schedule in months = 2.5 * man months raised to the power of .38
What are the five levels of the Software Capability Maturity Model
Initiation, Repeatable, Defined, Managed, Optimizing
What is the IDEAL model/
the SEI process Improvement model it is an organizational improvement model
In OOP what is a message?
the communication to an object to carryout some operation
In OOP what is a method?
the code that defines the actions an object performs i response to a message.
In OOP what is a behavior?
refers to the results exhibited by tan object upon receipt of a message
What is the common object model?
supports the exchange of objects between programs
What is an expert system?
a system that exhibits reasoning similar to that of a human expert to solve a problem.
What are four types of databases?
hierarchical, mesh, object-oriented, relational
What is ODBC
A M$ developed standard for supporting access to databases through different applications.
What is included in the Business Continuity Plan process
Scope and plan initiation, business impact assessment, business continuity plan development
What is included in the Disaster Recovery Plan process?
DRP processes, Testing the disaster recovery plan, disaster recovery procedures
What must always be the first element of a disaster recovery plan?
personnel evacuation and safety
In the BCP process who approves expenditures, liabilities, and service impacts?
policy group
In the BCP process who identifies and prioritizes time-critical systems
Senior Business Unit Management
What are the three goals of a business impact assessment?
Criticality prioritization, downtime estimation, resource requirements
What are the four steps of a business impact assessment?
Gather information, Perform vulnerability assessment, analyze the information, document
What is a disaster recovery plan?
a comprehensive statement of consistent actions to be taken before, during and after a disruptive event.
When speaking of recovery time frame requirements what does a category AAA asset mean?
Immediate
When speaking of recovery time frame requirements what does a category AA asset mean?
Full functional recovery require w/i four hours
When speaking of recovery time frame requirements what does a category A asset mean?
same day business recovery
When speaking of recovery time frame requirements what does a category B asset mean?
Max 24 hours downtime
When speaking of recovery time frame requirements what does a category C asset mean?
24 -72 hours downtime