Assurance Flashcards

1
Q

What is the point of assurance techniques for system security?

A

Assurance models allow us to assess the trustworthiness of a system. These models give us confidence (level of certainty) that a given system meets the security requirements, i.e., the security policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Why do we need assurance?

A

There are several reasons for why assurance is needed since there are many ways in which a system can be unsafe. Some examples are:

  • Mistakes in the systems requirements definitions
  • System design flaws
  • Hardware of software implementation flaws
  • Operation errors and mistakes during use
  • Deliberate system misuse and exploitation.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What types of assurances are used for systems?

A

There are four main types of assurances and they address the two main aspects of the security of a given system, namely:

  • Policy assurance
  • Design assurance
  • Implementation assurance
  • Operational assurance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is policy assurance

A

Policy assurance is the evidence after a thorough analysis of the requirements verifying their correctness, consistency, and completeness. This evidence can be used for later evaluations of the systems level of security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Design assurance?

A

Design assurance is the evidence that the design is sufficient to meet the requirements in the policy and free of flaws.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Implementation assurance

A

Implementation assurance is the evidence concerning hardware and software implementation errors and bugs an establishes whether the current implementation is consistent with the design and security requirements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is operational assurance

A

Operational assurance is the evidence that the system sustains the security requirements during installation, configuration, and daily use.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Should systems be built with security in mind from the very beginning? Name some software development models,

A

Yes, security should be an integral part of any product from the very beginning .
Two very different software developments models where security will be handles differently are:

  • The waterfall life cycle model where all requirements are defines in advance,
  • Extreme programming which is based on rapid prototyping and reviews using best practices.

These two models tackles assurance in different ways.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly