security engineering 3rd edition

Question 1

What is the focus of Security Engineering?

Answer 1

the use of tools, processes, and methods with a cyber-security lens

Question 2

What are the 44 things necessary for a dependable system?

Answer 2

Policy
mechanis,
assurance
incentive

Question 3

What is the concept of “security theater”?

Answer 3

The implementation of security measures that are visible, but less performant than other solutions

Question 4

What is a subject?

Answer 4

a physical person in any role (operator, principal or victim)

Question 5

What is a person?

Answer 5

a physical person, or a legal person such as a company or government

Question 6

With regards to security systems, what is a principal?

Answer 6

an entity that participates in a security system. Could be a person, smartphone, laptop etc

Question 7

What is the distinction between groups and roles?

Answer 7

a group is a set of principals, and a role is a set of functions

Question 8

What is an example of someone who is trusted, but not trsutworthy?

Answer 8

An NSA agent selling information to a foreign agent. The NSA agent may be trusted with the secrets, but they are now trustworthy of the secrets

Question 9

What is secrecy?

Answer 9

the effect of mechanisms used to limit the number of principals access to information

Question 10

What is confidentiality?

Answer 10

An obligation to protect a persons secrets if they are known

Question 11

What is Privacy?

Answer 11

The ability to protect your personal information

Question 12

What is authenticity?

Answer 12

integrity plus freshness, so that a replay of previous messages does not have authenticity

Question 13

What is Bruce Schneier’s definition of a hack?

Answer 13

An activity that a system’s rules permit, but which has unanticipated and unwanted effects

Question 14

What is a vulnerability?

Answer 14

property of a system or environemnt which, in conjunction with an internal or external threat, can lead to a security failure