Concepts Flashcards
When should security requirements be addressed in systems development?
- From the very beginning
- When budget and business priorities permit
- When the risk assessment effort is completed
- At the time of implementation
From the very beginning
Which term is often associated with the precision of data?
- Integrity
- Availability
- Non-disclosure
- Confidentiality
Integrity
What is the primary method of enforcing security concepts?
- Through strict firewall rules
- Through risk management
- Through the use of controls
- By regular or continuous audit
Through the use of controls
A security concept that protects against repudiation threats?
- Confidentiality
- Authentication
- Availability
- Accountability
Accountability
A security concept that addresses the logging of transactions so that at a later time a history of transactions can be built, if needed.
- Authorization
- Availability
- Non-repudiation
- Auditing
Auditing
A security concept that verifies and validates identity information that is supplied.
- Confidentiality
- Non-repudiation
- Authentication
- Authorization
Authentication
A security concept that has to do with the checking of a subject’s rights and privileges before granting access to the objects that the subject requests.
- Non-repudiation
- Authentication
- Authorization
- Availability
Authorization
A security concept that assures protection against destruction of the data or system or denial of service. It addresses the accessibility of the software and/or the data it handles.
- Availability
- Confidentiality
- Accountability
- Authorization
Availability
A security concept that assures the protection of data against unauthorized disclosure. It ensures the secrecy and privacy of data.
- Non-repudiation
- Confidentiality
- Availability
- Authentication
Confidentiality
The act of permanently and completely removing personal identifiers from data, such as converting personally identifiable information (PII) into aggregated data.
- Separation of Duties
- Defense in Depth
- Data anonymization
- Complete Mediation
Data anonymization
A security concept that addresses the deniability of actions taken by the software or the user. It ensures that the actions taken by the software on behalf of the user (intentionally or unintentionally) cannot be refuted or denied.
- Confidentiality
- Authentication
- Authorization
- Non-repudiation
Non-repudiation
The secure disposal of software and the data the software processes, transmits, and stores.
- Disposition
- Integrity
- Authorization
- Open Design
Disposition
A security concept that assures protection against unauthorized alterations (or modifications).
- Integrity
- Authorization
- Confidentiality
- Accountability
Integrity
Which type of control will proactively stop a threat from successfully attacking a system?
- Preventative
- Compensating
- Detective
- Corrective
Preventative
In addition to restricting a user to the minimum level of access they require to perform their job, least privilege may also restrict access based on which factor?
- Hashing
- Encryption
- Authentication
- Time
Time