Cyber Security at the University and its Impact on Software Developers Flashcards

1
Q

Purpose of Cyber Security

A

Cyber Security is key to defending our information assets against a growing number of threat actors with varying levels of motivation, skill and resources.

2
Q

Cyber Security challenges

A

The threats are increasing exponentially and are likely to keep increasing.

  • The required skills are becoming lower now that it is possible to buy ready-made attacks from the dark web: “Hack-as-a-Service” and “Ransomware-as-a-Service”
3
Q

Risk Management approaches

A

basic steps:
* Identify
* Assess
* Treat
* Monitor and Report

There are different types of risk:
* Operational
* Financial
* Reputational
* Market – usually found in Financial Services

4
Q

Identifying Risks

A

How we identify potential risks
* Vulnerability scans
* IT operational teams
* IT projects

5
Q

Assessing Risks

A

A risk is a possible event which could cause harm or loss

The key objective is to assess the two factors that determine the level of risk:
* Likelihood – how likely is it that the event will actually happen
* Impact – the amount of harm or loss that the event will cause

6
Q

Treating Risks

A

There are different types of mitigating actions
* Acceptance – live with the risk because it is within the risk appetite
* Transference – move some or all of the risk to another party
* Avoidance – don’t do the activity in the first place so the event cannot happen
* Reduction – change something you are doing or add extra controls to reduce the likelihood, impact or both

7
Q

Monitoring and Reporting Risks

A

Need a way to report on risk especially to senior management
* Visual diagrams make a strong impression and are easier to consume
* Plotting Inherent Risk and also Residual Risk clearly shows the impact of the mitigating actions
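As an added worked example (not from the flashcards or the University's own process), the following Python script ties the Assess, Treat and Monitor/Report cards together: it scores each risk as likelihood × impact, applies one of the four treatments, and renders a text heat map that shows the inherent (I) and residual (R) position of each risk so the effect of the mitigating actions is visible at a glance. The 1..5 scales, the rating bands, the assumed effect of each treatment on likelihood and impact, and the sample risks are all constructed for illustration; they are not standards the page cites.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Set, Tuple


class Treatment(Enum):
    ACCEPT = "accept"      # within appetite: score unchanged
    TRANSFER = "transfer"  # e.g. insurance / outsourcing: impact shared
    AVOID = "avoid"        # stop the activity: event cannot happen
    REDUCE = "reduce"      # add controls: lower likelihood and/or impact


@dataclass
class Risk:
    name: str
    likelihood: int  # 1..5 (assumed ordinal scale)
    impact: int      # 1..5 (assumed ordinal scale)
    treatment: Treatment = Treatment.ACCEPT
    # For REDUCE only: points of likelihood / impact the added controls remove.
    likelihood_reduction: int = 0
    impact_reduction: int = 0


def validate(r: Risk) -> None:
    if not (1 <= r.likelihood <= 5 and 1 <= r.impact <= 5):
        raise ValueError(f"{r.name}: likelihood and impact must be 1..5")


def inherent_score(r: Risk) -> int:
    """Score before any treatment: likelihood x impact (1..25)."""
    validate(r)
    return r.likelihood * r.impact


def residual(r: Risk) -> Tuple[int, int]:
    """(likelihood, impact) after the chosen treatment. Effects are assumptions."""
    validate(r)
    if r.treatment is Treatment.ACCEPT:
        return r.likelihood, r.impact
    if r.treatment is Treatment.AVOID:
        return 0, r.impact  # likelihood 0: the event cannot happen
    if r.treatment is Treatment.TRANSFER:
        # assumption: the other party carries half the impact (rounded up)
        return r.likelihood, max(1, -(-r.impact // 2))
    return (max(1, r.likelihood - r.likelihood_reduction),
            max(1, r.impact - r.impact_reduction))


def residual_score(r: Risk) -> int:
    lik, imp = residual(r)
    return lik * imp


def rating(score: int) -> str:
    """Assumed rating bands for a 1..25 score."""
    if score == 0:
        return "Eliminated"
    if score <= 4:
        return "Low"
    if score <= 9:
        return "Medium"
    if score <= 14:
        return "High"
    return "Critical"


def register(risks: List[Risk]) -> List[dict]:
    """Risk register rows, highest residual risk first (what management reads)."""
    rows = []
    for r in risks:
        inh, res = inherent_score(r), residual_score(r)
        rows.append({"risk": r.name, "treatment": r.treatment.value,
                     "inherent": inh, "inherent_rating": rating(inh),
                     "residual": res, "residual_rating": rating(res)})
    return sorted(rows, key=lambda row: row["residual"], reverse=True)


def heat_map(risks: List[Risk]) -> List[str]:
    """5x5 text heat map: rows are impact 5..1, columns likelihood 1..5.
    'I' = inherent position, 'R' = residual position, 'B' = both in one cell.
    Avoided risks have likelihood 0 and therefore no residual cell."""
    cells: Dict[Tuple[int, int], Set[str]] = {}
    for r in risks:
        cells.setdefault((r.likelihood, r.impact), set()).add("I")
        rl, ri = residual(r)
        if rl > 0:
            cells.setdefault((rl, ri), set()).add("R")
    rows = []
    for impact in range(5, 0, -1):
        marks = []
        for likelihood in range(1, 6):
            m = cells.get((likelihood, impact), set())
            marks.append("B" if len(m) == 2 else (next(iter(m)) if m else "."))
        rows.append(f"I{impact} | " + " ".join(marks))
    rows.append("   +" + "-" * 10)
    rows.append("     1 2 3 4 5  (likelihood)")
    return rows


# Constructed sample register for a university IT estate (illustrative only).
SAMPLE_RISKS = [
    Risk("Unpatched internet-facing web server", 5, 4, Treatment.REDUCE, likelihood_reduction=3),
    Risk("Laptop theft exposing student data", 3, 5, Treatment.TRANSFER),
    Risk("Legacy FTP service for file drops", 4, 3, Treatment.AVOID),
    Risk("Phishing of staff credentials", 4, 4, Treatment.REDUCE, likelihood_reduction=1, impact_reduction=2),
    Risk("Brief outage of internal wiki", 2, 1, Treatment.ACCEPT),
]

if __name__ == "__main__":
    for row in register(SAMPLE_RISKS):
        print(f"{row['risk']:<40} {row['treatment']:<9} "
              f"inherent {row['inherent']:>2} ({row['inherent_rating']})  "
              f"residual {row['residual']:>2} ({row['residual_rating']})")
    print()
    print("\n".join(heat_map(SAMPLE_RISKS)))
```

Running the script prints the register sorted by residual score, then the heat map; the gap between each risk's I and R cells is the effect of its treatment, which is exactly what a senior-management report needs to show. Note that a reduced or transferred risk never drops below likelihood 1 / impact 1 here, so only avoidance can eliminate a risk outright.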

8
Q

Secure Software Development Lifecycle (SDLC)

A

should ensure that the resulting software is Secure by Design and by Default

SDLC needs to take into account:
* Inception
* Analysis including definition of requirements
* Design
* Coding
* Testing – from unit testing through to user acceptance testing
* Operations and maintenance
* Retirement and decommissioning

9
Q

Open Worldwide Application Security Project (OWASP) Foundation

A

Works to improve the security of software through:
* Community-led open-source software projects
* Worldwide chapters and members
* Local and global conferences

Key Projects are:
* OWASP Top Ten – the 10 most critical web application security risks
* OWASP SAMM – Software Assurance Maturity Model
