Lecture 1 Flashcards
The information in lecture 1: penetrate and patch model, security, reliability, functionality. Top-down method. Harm analysis, security goals and requirements. Types of harm.
What is a Penetrate and patch model?
Wait for vulnerabilities in a system to be found before creating an update to security. Development on security continues as the product is used.
What are a few issues with a Penetrate and Patch model?
The bug can be exploited before the patch is released.
The patch may not be executed for a time.
The expense.
Which is better? Top down or bottom up?
Neither; it depends on the system model. Using both is best because it gives a greater number of insights.
What is a top down approach to design?
It is the breakdown from the highest or broadest level into smaller categories, quite like reverse engineering.
It starts with the big picture and goes from general to specific.
What is the bottom up approach to design?
In a bottom up approach the base elements of a system are defined first in greater detail and then linked to form higher level elements. It goes from specific to general.
Define confidentiality in a security setting.
Confidentiality is a set of rules that govern access to information.
Define integrity in a security setting.
Integrity is assurance that information is trustworthy and accurate.
Define availability in a security setting.
Availability is a guarantee that information will be able to be accessed by authorised systems.
What is privacy in a security setting?
Privacy is the rights held by entities to control and use their own information.
What is non-repudiation?
It is the assurance that a party is who they say they are. They cannot deny the authenticity of information that originated from them.
What is Anonymity in the context of security?
Anonymity is the guarantee that information will not be linked to your identity.
What is Harm analysis?
Thinking about what harms may come to assets within a system.
What is the difference between security goals and security requirements?
Security goals are broad behaviours of a system, whereas requirements are specifics which a system must fulfill.
What does it mean for a requirement to be testable?
It must be clear, have a measurable outcome and be complete without any ambiguity.