Security Engineering Flashcards
1
Q
Application security
A
- The application is designed to resist attacks.
2
Q
Infrastructure security
A
- The software is configured to resist attacks.
3
Q
Security dimensions
A
- Confidentiality
- Integrity
- Availability
4
Q
Three controls to enhance system security
A
- Vulnerability avoidance
- Attack detection and neutralization
- Exposure limitation and recovery
5
Q
Stages of preliminary risk assessment
A
- Asset value assessment/exposure assessment
- Threat identification/attack assessment
- Control identification
- Security requirements definition
6
Q
Operational security
A
- Primarily a human and social issue
7
Q
Security trade off
A
- More secure system, less usable
8
Q
Protection issues in system design
A
- How should the system be organized so that critical assets can be protected against an external attack?
9
Q
Distribution issues in system design
A
- How should system assets be distributed so that the effects of a successful attack are minimized?
10
Q
Design guidelines for secure systems engineering:
A
- Base security decisions on an explicit security policy.
- Avoid a single point of failure.
- Use redundancy and diversity to reduce risk.
- Validate all inputs.
11
Q
Experience-based testing
A
- The system is analyzed against known types of attack.
12
Q
Penetration testing
A
- An external team is contracted to discover security flaws in a system.
13
Q
Tool-based testing
A
- Tools are used to exhaustively test some features of a system, such as the strength of passwords.
14
Q
Formal verification
A
- A system is formally verified against a formal security specification.
15
Q
Interception threats
A
- Allows attacker to gain access to an asset
