Chapter 3 Flashcards
Systems engineering activities intended to deter and/or delay exploitation of critical technologies in a system in order to impede countermeasure development, unintended technology transfer, or alteration of a system.
Anti-tamper (AT)
A chronological record of system activities, which includes records of system accesses and operations performed in a given period.
Audit Log
An individual entry in an audit log related to an audited event.
Audit Record
A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security-relevant transaction from inception to final result.
Audit Trail
A record showing who has accessed an information technology (IT) system and what operations the user has performed during a given period.
Audit Trail
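The three audit terms above are easiest to keep apart in code: the log is the whole file, a record is one line, and the trail is the subset of records for one transaction put back in order from inception to final result. The following Go program is an added example written for this page (not from any source the flashcards draw on). The six JSON-lines records, the user names and the transaction IDs are constructed sample data, and the field names (`time`, `user`, `action`, `object`, `tx`, `outcome`) are an assumed record schema, not a standard one.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
	"time"
)

// AuditRecord is one entry in the audit log: a single audited event.
type AuditRecord struct {
	Time    time.Time `json:"time"`
	User    string    `json:"user"`
	Action  string    `json:"action"`
	Object  string    `json:"object"`
	TxID    string    `json:"tx"`      // transaction the event belongs to
	Outcome string    `json:"outcome"` // "success" or "failure"
}

// constructedLog is a hand-written sample audit log (JSON lines), not real data.
// Records are deliberately out of order to show that a trail must be sorted.
const constructedLog = `
{"time":"2024-03-01T09:00:05Z","user":"alice","action":"approve","object":"payment/42","tx":"tx-1001","outcome":"success"}
{"time":"2024-03-01T09:00:00Z","user":"alice","action":"login","object":"portal","tx":"tx-1001","outcome":"success"}
{"time":"2024-03-01T09:00:03Z","user":"alice","action":"read","object":"payment/42","tx":"tx-1001","outcome":"success"}
{"time":"2024-03-01T09:01:00Z","user":"bob","action":"login","object":"portal","tx":"tx-1002","outcome":"failure"}
{"time":"2024-03-01T09:01:10Z","user":"bob","action":"login","object":"portal","tx":"tx-1002","outcome":"success"}
{"time":"2024-03-01T09:00:07Z","user":"alice","action":"logout","object":"portal","tx":"tx-1001","outcome":"success"}
`

// ParseAuditLog turns the JSON-lines log into records. A malformed line is an
// error rather than something to skip: a hole in the log is itself security-relevant.
func ParseAuditLog(raw string) ([]AuditRecord, error) {
	var recs []AuditRecord
	sc := bufio.NewScanner(strings.NewReader(raw))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var r AuditRecord
		if err := json.Unmarshal([]byte(line), &r); err != nil {
			return nil, fmt.Errorf("audit log line %d: %w", n, err)
		}
		recs = append(recs, r)
	}
	return recs, sc.Err()
}

// Trail reconstructs the audit trail for one transaction: every record tied to
// txID, in chronological order, so the sequence of activities can be examined.
func Trail(recs []AuditRecord, txID string) []AuditRecord {
	var out []AuditRecord
	for _, r := range recs {
		if r.TxID == txID {
			out = append(out, r)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Time.Before(out[j].Time) })
	return out
}

// UserActivity answers the second Audit Trail definition: who accessed the
// system and what operations each user performed, with failures counted apart.
func UserActivity(recs []AuditRecord) map[string]map[string]int {
	out := map[string]map[string]int{}
	for _, r := range recs {
		if out[r.User] == nil {
			out[r.User] = map[string]int{}
		}
		out[r.User][r.Action+":"+r.Outcome]++
	}
	return out
}

func main() {
	recs, err := ParseAuditLog(constructedLog)
	if err != nil {
		panic(err)
	}
	for _, r := range Trail(recs, "tx-1001") {
		fmt.Printf("%s %-6s %-8s %-12s %s\n", r.Time.Format(time.RFC3339), r.User, r.Action, r.Object, r.Outcome)
	}
	fmt.Println(UserActivity(recs))
}
```

Run with `go run .`; the trail for `tx-1001` prints login, read, approve, logout in that order even though the log stores them shuffled, and the per-user summary shows bob's failed login next to his successful one.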
To confirm the identity of an entity when that identity is presented.
Authenticate
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
Authentication
A security measure designed to protect a communication system against acceptance of fraudulent transmission or simulation by establishing the validity of a transmission, message, originator, or a means of verifying an individual’s eligibility to receive specific categories of information.
Authentication
A copy of files and programs made to facilitate recovery, if necessary.
Backup
A software and/or hardware product that is commercially ready-made and available for sale, lease, or license to the general public.
Commercial-off-the-shelf (COTS)
Establishment of and charter for a group of qualified people with responsibility for the process of controlling and approving changes throughout the development and operational lifecycle of products and systems; may also be referred to as a change control board.
Configuration Control Board
An aggregation of information system components that is designated for configuration management and treated as a single entity in the configuration management process.
Configuration Item
Item or aggregation of hardware, software, or both, which is designated for configuration management and treated as a single entity in the configuration management process.
Configuration Item
A collection of activities focused on establishing and maintaining the integrity of information technology products and information systems, through control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.
Configuration Management
The set of parameters that can be changed in hardware, software, or firmware that affect the security posture and/or functionality of the information system.
Configuration Settings
Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability.
Contingency Plan
Information security strategy integrating people, technology, and operation capabilities to establish variable barriers across multiple layers and missions of the organization.
Defense-in-depth
The cryptographic transformation of data to produce ciphertext.
Encryption
Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible.
End-to-end Encryption
Safeguarding information in an information system from point of origin to point of destination.
End-to-end Security
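The End-to-end Encryption card makes a point that is easy to miss: the payload is protected from origin to destination, but the routing information every intermediate hop needs stays readable. The Go program below is an added example for this page, not code from any source the flashcards cite. It encrypts a payload with AES-GCM and carries the routing header in the clear, binding that header to the ciphertext as additional authenticated data so a hop can read it but not rewrite it undetected. The header format, addresses and payload text are constructed, and the randomly generated key stands in for a key the endpoints would normally agree on through a key-establishment protocol.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is the message as it travels the network: the header is plaintext so
// routers can deliver it; only the payload is ciphertext. Because the header is
// authenticated (not encrypted), tampering with it is detected at the destination.
type Envelope struct {
	Header  []byte // plaintext routing information, visible to every hop
	Nonce   []byte // 12-byte GCM nonce; must never repeat under the same key
	Payload []byte // ciphertext followed by the 16-byte GCM tag
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealE2E encrypts payload end to end under key; header is left readable but
// is covered by the authentication tag.
func SealE2E(key, header, payload []byte) (*Envelope, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{Header: header, Nonce: nonce, Payload: aead.Seal(nil, nonce, payload, header)}, nil
}

// OpenE2E decrypts at the destination. It fails closed: any change to header,
// nonce or payload in transit, or a wrong key, yields an error and no plaintext.
func OpenE2E(key []byte, e *Envelope) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, e.Nonce, e.Payload, e.Header)
	if err != nil {
		return nil, errors.New("envelope rejected: header or payload modified, or wrong key")
	}
	return pt, nil
}

func main() {
	key := make([]byte, 32) // constructed session key for the demo
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	e, err := SealE2E(key, []byte("to=10.0.0.7 from=10.0.0.3"), []byte("transfer 500 to acct 77"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("on the wire, header : %s\n", e.Header)   // readable by every hop
	fmt.Printf("on the wire, payload: %x\n", e.Payload)  // opaque to every hop
	e.Header = []byte("to=10.0.0.9 from=10.0.0.3")       // a hop rewrites the destination
	_, err = OpenE2E(key, e)
	fmt.Println("after header rewrite:", err)
}
```

The point for a practitioner is in the two printed lines: traffic analysis on who talks to whom remains possible with end-to-end encryption, while the content does not, and the destination can tell when the visible header has been altered in transit.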
The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.
Least Privilege
A determination within the executive branch, in accordance with directives issued pursuant to the governing executive order, that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function.
Need-to-know
Protection against an individual falsely denying having performed a particular action.
Non-repudiation
Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.
Non-repudiation
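Non-repudiation is the one property on this page that a shared-key mechanism cannot provide, and that distinction is worth seeing run. The Go program below is an added example for this page, not code from any source the flashcards cite. It records an action (who, what, on which object, when), signs it with Ed25519 so that only the holder of the private key could have produced the signature while anyone with the public key can verify it, and contrasts that with an HMAC over the same action, which the receiver could have computed itself and so proves nothing to a third party. The `Action` type, the field layout and the sample values are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Action is what a user is later held to. Every field the signature must bind
// (including the time) has to be fixed before signing. Constructed schema.
type Action struct{ Actor, Verb, Object, When string }

func (a Action) bytes() []byte {
	return []byte(a.Actor + "|" + a.Verb + "|" + a.Object + "|" + a.When)
}

// NewSigner creates a fresh Ed25519 key pair for a principal.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignAction: only the holder of priv can produce this value.
func SignAction(priv ed25519.PrivateKey, a Action) []byte {
	return ed25519.Sign(priv, a.bytes())
}

// VerifyAction: anyone holding pub can check the signature, including an
// adjudicator asked to settle a later denial. That asymmetry is what makes
// the action non-repudiable; the verifier never gains the ability to sign.
func VerifyAction(pub ed25519.PublicKey, a Action, sig []byte) bool {
	return ed25519.Verify(pub, a.bytes(), sig)
}

// HMACTag authenticates an action between two parties who share key. Both hold
// the key, so the receiver could have minted the tag itself: it assures the
// receiver of integrity and origin but proves nothing to anyone else.
func HMACTag(key []byte, a Action) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(a.bytes())
	return m.Sum(nil)
}

// VerifyHMAC uses a constant-time comparison, as any tag check should.
func VerifyHMAC(key []byte, a Action, tag []byte) bool {
	return hmac.Equal(tag, HMACTag(key, a))
}

func main() {
	alicePub, alicePriv := NewSigner()
	a := Action{"alice", "approve", "payment/42", "2024-03-01T09:00:05Z"}
	sig := SignAction(alicePriv, a)
	fmt.Println("alice's approval verifies:       ", VerifyAction(alicePub, a, sig))

	// The receiver tries to re-point the approval at a different payment.
	forged := a
	forged.Object = "payment/43"
	fmt.Println("re-pointed approval verifies:    ", VerifyAction(alicePub, forged, sig))

	// With a shared secret the receiver can mint a valid tag for anything.
	shared := []byte("constructed shared secret")
	fmt.Println("receiver-minted HMAC verifies:   ", VerifyHMAC(shared, forged, HMACTag(shared, forged)))
}
```

The last line is the caveat: a valid HMAC tells the receiver the message came from someone holding the key, which includes the receiver, so it cannot be shown to a third party as proof that alice acted. Only the signature supports the second Non-repudiation definition, determining whether a given individual took a particular action.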
A security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.
Security Concept of Operations
A suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans.
Security Content Automation Protocol (SCAP)
An occurrence (e.g., an auditable event or flag) considered to have potential security implications to the system or its environment that may require further action (such as noting, investigating, or reacting).
Security-relevant Event
Based on Department of Defense policy and security controls, an implementation guide geared to a specific product and version.
Security Technical Implementation Guide (STIG)
Contains all requirements that have been flagged as applicable for the product which have been selected on a DoD baseline.
Security Technical Implementation Guide (STIG)
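The Configuration Settings and STIG cards describe the input to a routine task: read the settings that are actually in effect and compare them with the values a baseline requires. The Go program below is an added example for this page, not a real STIG and not code from any source the flashcards cite. It parses an sshd_config-style file and checks it against an illustrative baseline. The directives (PermitRootLogin, PasswordAuthentication, X11Forwarding, MaxAuthTries) are real OpenSSH keywords, but the rule IDs, the required values, the sample file, and the assumed daemon defaults used for settings that are not written down are all constructed for the example; check the defaults against the OpenSSH version actually deployed.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Requirement is one baseline rule: the setting, the value the baseline demands,
// and the value the software assumes when the setting is absent from the file.
type Requirement struct {
	ID       string // constructed rule identifier, not a real STIG ID
	Key      string
	Required string
	Default  string // assumed daemon default for illustration; verify per version
}

// constructedBaseline is an illustrative hardening baseline, not an actual STIG.
var constructedBaseline = []Requirement{
	{"SSH-001", "PermitRootLogin", "no", "prohibit-password"},
	{"SSH-002", "PasswordAuthentication", "no", "yes"},
	{"SSH-003", "X11Forwarding", "no", "no"},
	{"SSH-004", "MaxAuthTries", "4", "6"},
}

// constructedConfig is a hand-written sample file, not taken from any host.
const constructedConfig = `
# constructed sshd_config sample
Port 22
permitrootlogin yes
X11Forwarding no
# PasswordAuthentication is not set, so the daemon default applies
MaxAuthTries 4
`

// ParseConfig reads "Keyword value" lines, skipping comments and blank lines.
// sshd keywords are case-insensitive, so keys are normalised, and when a keyword
// appears twice sshd honours the first occurrence; the parser does the same.
func ParseConfig(raw string) map[string]string {
	cfg := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(raw))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue
		}
		key := strings.ToLower(fields[0])
		if _, seen := cfg[key]; !seen {
			cfg[key] = strings.Join(fields[1:], " ")
		}
	}
	return cfg
}

// Finding is the result for one requirement. Explicit records whether the value
// was written in the file or is the assumed default.
type Finding struct {
	ID, Key, Found, Required string
	Compliant, Explicit      bool
}

// Check evaluates every requirement. An absent setting is evaluated at its
// default rather than skipped: an unset dangerous default is still a finding.
func Check(cfg map[string]string, baseline []Requirement) []Finding {
	var out []Finding
	for _, r := range baseline {
		val, explicit := cfg[strings.ToLower(r.Key)]
		if !explicit {
			val = r.Default
		}
		out = append(out, Finding{r.ID, r.Key, val, r.Required, strings.EqualFold(val, r.Required), explicit})
	}
	return out
}

func main() {
	for _, f := range Check(ParseConfig(constructedConfig), constructedBaseline) {
		status, src := "FAIL", "default"
		if f.Compliant {
			status = "PASS"
		}
		if f.Explicit {
			src = "explicit"
		}
		fmt.Printf("%s %s %-22s found=%-18s (%s) required=%s\n", status, f.ID, f.Key, f.Found, src, f.Required)
	}
}
```

The sample produces two failures: PermitRootLogin is explicitly set to a non-compliant value, and PasswordAuthentication is never mentioned, so the daemon default applies and the host is non-compliant without any line in the file saying so. A checker that only grades settings it finds in the file would miss the second case.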
Always keep the problem and solution spaces separate.
Security Engineering Principle to Avoid Inefficiency
The problem space is defined by the customer’s mission or business needs.
Security Engineering Principle to Avoid Inefficiency
The systems engineer and information systems security engineer define the solution space, driven by the problem space.
Security Engineering Principle to Avoid Inefficiency
Review web pages, operational procedures and documents, annual reports, and CONOPS and mission needs statement (MNS).
ISSE Methods for Analyzing Organizational and Operational Environments
Includes: (i) stakeholder perspective, (ii) system perspective, and (iii) trades perspective.
Protection Needs Perspectives
Focuses on what is of value to the stakeholder.
Stakeholder Perspective
Based on those assets that are deemed necessary for the system to execute correctly and securely to manage its execution, and to provide for its own protection.
System Perspective
Considers protection need aspects associated with all feasible alternatives, as well as those related to a specific decision.
Trades Perspective
Specify security capability, performance, effectiveness, and the associated verification and validation measures, and also express constraints on system requirements.
Security Requirements
Describe the stakeholder-oriented view of desired capability; include operational, protection, safety, and other needs and expectations of stakeholders, including legal, policy, regulatory, statutory, certification, and other constraints for solutions that support the mission or business.
Stakeholder Requirements
Intended to achieve adequate security and help the system meet security objectives set forth for the system.
Design Constraints
Allows the team to move forward in the systems engineering process and continue with requirements; must be validated before the design is finalized.
Design Assumption
Develop an understanding of the customer’s mission or business.
Determine System Protection Needs Task
Help the customer determine what information management is needed to support the mission or business.
Determine System Protection Needs Task
Create a model of that information management, with customer concurrence.
Determine System Protection Needs Task
Document the results as the basis for defining information systems that will satisfy the customer’s needs.
Determine System Protection Needs Task
Contains information types often aggregated together into information domains, and these domains contain the following elements: (i) users or members of the information domain; (ii) rules, privileges, roles, and responsibilities that apply to the users in managing all the information; and (iii) information objects being managed, including processes.
Information Management Model (IMM)
Formal documents that cover the official plan for testing a system, subsystem, or component.
Security Test Plan (STP)
References the “objective” or “requirement” to be met, the assessment method, and the “object” to be tested.
Security Test Plan (STP)
Executed by a security control assessor (SCA); should be an independent third party.
Security Test Plan (STP)
Includes: (i) security architecture and design, (ii) security capability and intrinsic behaviors, and (iii) life cycle security.
Security Design Principles
Application of these principles is intended to permit a demonstration of system trustworthiness through assurance based on reasoning about relevant and credible evidence.
Security Design Principles
Describes the layers of security mechanisms and security architectures that delay, prevent, or deter attacks against the system.
Defense in Depth
Involves policies and procedures, training and awareness, physical security, personnel security, system security administration, and facilities countermeasures.
People
Involves IA architecture framework areas; IA criteria such as security, interoperability, and PKI; acquisition and integration of evaluated products; and system risk assessments.
Technology
Principles are centered around people, technology, and operations.
Defense in Depth Principles
Involves security policy, assessment and authorization, readiness assessments, security management, key management, attack sensing, warning, and response, and recovery and reconstitution.
Operations
Includes: (i) passive, (ii) active, (iii) close-in, (iv) insider, and (v) distribution.
Classes of Attacks
Include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capture of authentication information.
Passive Attack
Can give adversaries indications and warnings of impending actions.
Passive Attack
Can result in disclosure of information or data files to an attacker without the consent or knowledge of the user.
Passive Attack
Consists of an ordinary individual attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information.
Close-in Attack
Can be malicious or non-malicious; malicious insider attacks result from intentional acts, while non-malicious ones result from carelessness, lack of knowledge, or intentional circumvention of security controls to get a job done.
Insider Attack
Focus on the malicious modification of hardware or software at the factory or during distribution.
Distribution Attack
Include attempts to circumvent or break protection features, introduce malicious code, or steal or modify information.
Active Attack
The concept that should a system fail, it fails into a secure state: access and capabilities are denied unless explicitly permitted, and a failure never grants more than the working system would (e.g., anti-tamper measures that zeroize encryption keys when tampering is detected).
Fail-safe Default
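The Least Privilege and Fail-safe Default cards describe two sides of one authorization design: each role holds only the grants its function needs, and any request that is not explicitly granted, including requests the designer never anticipated, is denied. The Go program below is an added example for this page, not code from any source the flashcards cite. It implements a default-deny authorizer over an explicit per-role grant table and, for contrast, the blocklist anti-pattern that starts from "allow" and only subtracts. The roles, verbs, resources and grants are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
)

// Permission is one explicit grant: a verb on a class of resource.
type Permission struct{ Verb, Resource string }

// Policy maps each role to the minimum set of grants its function requires.
// Nothing is implied: a pair absent from a role's set is not allowed.
type Policy map[string]map[Permission]bool

// constructedPolicy holds illustrative roles and grants, not from any real system.
var constructedPolicy = Policy{
	"auditor":  {{"read", "audit-log"}: true},
	"operator": {{"read", "config"}: true, {"restart", "service"}: true},
	"admin":    {{"read", "config"}: true, {"write", "config"}: true, {"restart", "service"}: true},
}

var ErrDenied = errors.New("access denied")

// Authorize applies fail-safe defaults: access is granted only by an explicit
// permission. An unknown role, an unknown verb or resource, and a missing
// policy all deny. No code path returns nil except the explicit match.
func Authorize(p Policy, role, verb, resource string) error {
	if p == nil {
		return fmt.Errorf("%w: no policy loaded", ErrDenied) // failure -> deny, never -> allow
	}
	grants, ok := p[role]
	if !ok {
		return fmt.Errorf("%w: unknown role %q", ErrDenied, role)
	}
	if !grants[Permission{verb, resource}] {
		return fmt.Errorf("%w: %s may not %s %s", ErrDenied, role, verb, resource)
	}
	return nil
}

// AuthorizeBlocklist is the anti-pattern, kept only for contrast. It starts from
// "allow" and subtracts known-bad actions, so anything not anticipated (a new
// verb, a typo, a nil blocklist after a failed load) is permitted.
func AuthorizeBlocklist(blocked map[Permission]bool, verb, resource string) error {
	if blocked[Permission{verb, resource}] {
		return ErrDenied
	}
	return nil
}

func main() {
	requests := [][3]string{
		{"auditor", "read", "audit-log"}, // granted: in the auditor's minimum set
		{"auditor", "write", "config"},   // denied: not granted to auditor
		{"intern", "read", "config"},     // denied: role unknown to the policy
	}
	for _, r := range requests {
		fmt.Printf("%-8s %-6s %-10s -> %v\n", r[0], r[1], r[2], Authorize(constructedPolicy, r[0], r[1], r[2]))
	}
	fmt.Println("nil policy   ->", Authorize(nil, "admin", "read", "config"))

	blocked := map[Permission]bool{{"write", "config"}: true}
	fmt.Println("blocklist, unanticipated verb 'delete' ->", AuthorizeBlocklist(blocked, "delete", "config"))
}
```

The last line is the failure mode the Fail-safe Default card warns about: the blocklist returns nil for `delete`, a verb nobody thought to block, while the grant table denies it because no role was ever given it.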
A single component whose failure stops the whole system; occurs when a network or system design converges on one element (a link, device, service, or key) with no redundant path or fallback.
Single Point of Failure (SPoF)
Tasks include: (i) define the system boundaries and interfaces, (ii) document security allocations to the target system and external systems, and (iii) identify data flows between the target system and external systems and the protection needs associated with those data flows.
Define System Security Requirements
A high-level diagram in which the boundary of the entire system and the composite protection needs for the target system are reflected.
Initial System Security Context Diagram
Describes how the system will work, including connectivity and information flows through the systems and remote sites.
Security CONOPS
Covers all of the functionality, missions, or business needs and addresses the inherent risk in operating the system.
Security CONOPS
Should be clear, concise, and verifiable.
System Security Requirements
Allows a better understanding of what the system has to do; the ways in which it can do it; and to some extent, the priorities and conflicts associated with lower-level functions. It provides information essential to optimizing physical solutions.
Functional Analysis and Allocation
Includes: (i) functional flow block diagram, (ii) timeline analysis, and (iii) requirements allocation sheet.
Functional Analysis Key Tools
A systems engineering document that shows the sequence of system functions, the flow between them, and the decisions made by the system.
Functional Flow Block Diagram
Informs the team of the duration of various functions over time.
Timeline Analysis Sheet (TLS)
Traces functions to the associated detailed specifications; includes: (i) function name, (ii) functional performance and design requirements, and (iii) configuration items.
Requirements Allocation Sheet (RAS) / Requirements Matrix
Ensure compliance with the security architecture and design constraints, perform trade-off studies, and define system security design elements.
Develop System Security Design Components Tasks