Section 2: Software Requirements and Risks Flashcards
What is the first phase of Security Development Lifecycle (SDL)
This phase (A1) is called a security assessment phase
Identifies the product risk profile and the needed SDL activities
What is the part of the kickoff that addresses the overlooked data privacy requirements
Privacy Impact Assessment
Before developing a PIA you will need to evaluate which regulatory, legislative, or policy requirements are applicable
What are the 4 C’s of Privacy Design
Comprehension
Consciousness
Control
Consent
What are the Security Assessment (A1) key success factors and metrics
As the first phase of the SDL, it is discovery in nature
What are the deliverables for A1
Here is the list of key deliverables.
What should be measured in every phase of the SDL
Metrics such as:
Time in weeks until the software security team was looped in
Percent of stakeholder participation in SDL activities
Percent of security measures met
What are the Document Security Requirements
RTM - Requirements Traceability Matrix
Formal acceptance of risk by Management
What is the key tenet of the Zachman Framework
Understand Business mission and goals first and go top down
Other top-down planning models
TOGAF
SABSA Model - security focus vs business focus
What type of test can we use to test a transactional database
ACID Test
One result at a time - Atomicity
Consistency with application
One record change at a time - Isolation
Transaction needs to be committed - Durability
What are the 3 Compliance Requirements
Legal - Privacy, Secrecy, IP, Uptime, Accuracy
Regulatory - enforced by agencies (Fed, local, state)
Industry Standards - PCI-DSS and PA-DSS, OWASP
What is the most complex and difficult part of the SDL
Threat Model and Architectural Security Analysis
What is the purpose of the software security policy
Define what needs to be protected and how.
What are the 5 steps of Threat Modeling
Identify security objectives
Survey the application
Decompose it
Identify Threats
Identify Vulnerabilities
In threat modeling, what do you use to break down your product architecture, which is also the first step?
Data Flow Diagrams
What are STRIDE Threat Categories
Spoofing of identity
Tampering with data
Repudiation
Information disclosure
Denial of service
Elevation of privilege
This is a methodology of threat categorization and was popularized by Microsoft
What is DREAD an acronym for?
Components:
Damage potential
Reproducibility
Exploitability
Affected users
Discoverability
Purpose: The DREAD model provides a systematic way to evaluate and prioritize risks based on these five factors. Each factor is scored, and the cumulative score helps in determining the severity of a particular risk.
The use of __________ is a traditional approach to threat assessment and can help you identify additional potential threats
Attack Trees and attack patterns
What is the Risk Model used by Microsoft for assessing vulnerabilities
DREAD
Damage
Reproducibility
Exploitability
Affected users
Discoverability
Name another threat modeling methodology similar to STRIDE and DREAD
Trike
Main difference is that it is a risk-based approach with a distinct implementation
It allows for a high level of automation, as a methodology as well as a tool
Targeted towards auditing teams
Asset-centric
What is a newer application threat modeling methodology that is a seven-step process, aligns business objectives with technical requirements, and also takes into account compliance requirements and
PASTA
Seven-step process and platform agnostic
The threat-modeling tool called ThreatModeler supports this methodology
Targeted towards medium to large organizations, mature companies with security knowledge
Outcome is geared towards management
What is the industry standard for assessing the severity of computer system security vulnerabilities
Common Vulnerability Scoring System (CVSS)
Typically used by an internal software security group to respond to a security researcher or other source that has notified you that your software has a vulnerability
What is a complex risk methodology that originated from Carnegie Mellon University
OCTAVE
Operationally Critical Threat, Asset, and Vulnerability Evaluation
Risk Analysis framework
Targeted towards large organizations
Largest and most complex
That is why OCTAVE-S was developed
OCTAVE Allegro - focus on information assets
Asset-centric approach
Not pure threat modeling, since risks are mitigated
Does not focus on technical risks
What are the key success factors for this second phase of the SDL