19 Cards in this Set

  • Front
  • Back

Test

Test

Test

Test

Test

Test

Adding security here gets you the biggest bang for the buck.

Weakest link

What is it called when the failure of any one aspect of the system causes the entire system to fail? Secure systems do not have any of these.

Single point of failure

What is the level of confidence that the SW is free from vulnerabilities?

SW Assurance

What is a use case, structured like a legal case, that demonstrates the claim of SW Assurance?

Assurance Case

Using the principle of keeping things simple is related to what type of mechanism?

Economy of mechanism

What is the formula for SLE?

SLE = asset value * exposure factor

What information flow model preserves confidentiality and seeks to avoid conflict of interest by creating security domains?

Brewer-Nash model (Chinese Wall)

What key element of Trusted Computing can hold an encryption key that is only accessible via a special chip?

TPM (Trusted Platform Module)

The primary reason for incorporating security into the SW development lifecycle is to protect what?

The corporate brand and reputation

What authentication type is using something one knows?

Knowledge based

What authentication type is using something one has?

Ownership based

What authentication type is using something one is?

Character based

What framework can be used to develop a risk-based security architecture by determining security requirements after analyzing the business initiatives?

SABSA (Sherwood Applied Business Security Architecture)

Implementing IPSec to assure the confidentiality of data when it is transmitted is an example of which, risk mitigation or risk avoidance?

Risk mitigation

The process of removing private information from sensitive data sets is referred to as what?

Anonymization

What is the time period to get the interrupted service running again and what is the time to recover before the business fails?

MTD (max tolerable downtime) is the time before the business fails and RTO (recovery point objective) is the time by which operations need to be restored