Risk Management & Risk Driven Test Planning Flashcards

1
Q

Risk(incident) =

A

p(occurrence) * impact

2
Q

p(occurrence) vs. p(vulnerability) ratio

A

We assume they are proportional

3
Q

Naïve Security Risk Assessment

A

Write down your worst fears for the system
Try to avoid those things

4
Q

Naïve Security Risk Assessment Cons

A

Requires a big “bag of tricks”
Easily overwhelming for security

5
Q

Protection Poker

A

Uses story points
Assets have value
Security risk = Ease of attack (1 - 100) * asset value

6
Q

Risk-Driven Test Planning Goals

A

Mitigate negative impact on the customer
Create the mitigation strategies early
Allow a “disruption-free” usage of the product

7
Q

Top-Down Test Planning

A

Start with the broad analysis of the domain
Goals → Risks → Indicators → Tests

Benefit: tied to specific goals
Drawback: incomplete within the categories

8
Q

Bottom-Up Security Test Planning

A

Step 1: Write down a lot of tests
Step 2: Group those tests into various categories
Step 3: Revise the categories as a group
Step 4: Add more tests to each category

Benefit: gives you freedom to write your best tests immediately
Drawback: easy to miss things
