Requirements Pt.1 Flashcards
Which term is used to describe the minimum acceptable configuration for a system or component?
- Guideline
- Policy
- Baseline
- Procedure
Baseline
What is the primary purpose of doing data classification?
- To protect against legal liability for a breach
- To ensure the secure operation of systems by users
- To protect sensitive data from disclosure
- To ensure that all data is protected appropriately
To ensure that all data is protected appropriately
What is a common mistake made in requirements gathering?
- To overstate skill of developers
- To focus on use and not security
- To fix requirements so that they cannot be changed
- To underestimate time for testing
To focus on use and not security
What two terms are commonly used to classify data?
- Age and usefulness
- Archival and creation
- Impact and likelihood
- Sensitivity and criticality
Sensitivity and criticality
Which document is used to track all requirements in one central place?
- Configuration Management Database (CMDB)
- Requirements Tracking System (RTS)
- Requirements Traceability Matrix (RTM)
- Change Control Board (CCB)
Requirements Traceability Matrix (RTM)
What does “protection of IP” refer to?
- Trade secrets
- Intelligence policy
- Improvement processes
- Internet procedures
Trade secrets
What can help ensure that requirements are gathered correctly?
- To develop a customized solution for each software project
- To interview managers and system architects
- To follow external standards and regulations
- To seek to discover business needs
To seek to discover business needs
What is a characteristic of a “good” overarching security policy?
- Complex/detailed
- Technical
- Comprehensive
- Understandable
Understandable
What is the main purpose of gathering security requirements?
- To develop a control framework
- To develop software that meets business requirements
- To ensure development of a comprehensive test plan
- To ensure adequate budget and management support
To develop a control framework
What forms of data must be protected during the data lifecycle?
- Unclassified
- Public
- Deleted
- Paper
Paper
WTF does that even mean?
Which term is used to describe the way a new user is registered on the system in a consistent manner?
- Standard
- Baseline
- Recommendation
- Procedure
Procedure
What does the term “Big Data” often refer to?
- Reporting on external data compliance
- Analysis of unstructured data
- Protection of highly sensitive data
- Massive storage of archived data
Analysis of unstructured data
What is a common problem with software requirements?
- Inflexible to changing business requirements
- Too technical and product-oriented
- Focused on both long and short term needs
- Insufficient detail and depth
Inflexible to changing business requirements
In addition to a recognition of a security requirement, what other effect may a policy have on the organization?
- Additional regulations
- Increased liability
- Prioritization of threats
- Ignorance of risk
Increased liability
Policy is an admission of knowledge of actions to be taken… was action taken?
What is the responsibility of the data or information owner?
- To monitor and audit for data usage and compliance
- To limit access to authorized users of a specific system
- To ensure protection of sensitive data on all systems or procedures
- To follow data access procedures mandated by the system owner
To ensure protection of sensitive data on all systems or procedures