Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
15 Cards in this Set
- Front
- Back
|
In terms of a system, what is a subject? |
subject has an identity and some capabilities |
|
|
In terms of a system, what is a object? |
object has an identity and some properties |
|
|
In terms of a system, what is a system? |
system connects entities and has a purpose |
|
|
In terms of a system, what is an action? |
action is an interaction between subjects and objects |
|
|
What is risk modeling? |
describe the possible attacks and adversaries |
|
|
What is Identification/Authentication? |
is it to ensure the identity of entities |
|
|
what is security policy? |
is it to describe which actions are secure |
|
|
what do Access control and cryptography focus on? |
they focus on controlling storage and disclosure |
|
|
What is a threat? |
A treat is a way of causing damage to a system |
|
|
What is a vulnerability? |
A vulnerability is a flaw in the system that makes it possible for a threat to occur. |
|
|
Name some types of vulnerabilities? |
Can be hardware, software or human-based |
|
|
What is an attack? |
an attack on a system is the realisation of a threat through exploitation of one or more vulnerabilities |
|
|
what does the STRIDE acronym stand for? |
Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege |
|
|
What is STRIDE? |
STRIDE is a classification of threats |
|
|
What does Repudiation mean? |
denial of the truth or hiding the truth |
