Security for Software and Data

Question 1

What is the NCSC?

Answer 1

Threat intelligence is the accumulation of data that is analysed and refined to help against cyber threats. They are usually the threats or risks that could pose a problem, sometimes including the threat actors (see section 4 for definition) if it helps

Question 2

What 4 Types of intelligence does the NCSC Group?

Answer 2

Tactical – different types of methods and tools used by attackers

Technical – details of the malware used in an attack
Operational – general details of an attack that can be used to combat future attacks

Strategic – changes in threats and risks as the environment is always dynamic with security and attackers adapting

Question 3

What is Polyinstantiation?

Answer 3

the process used to prevent unauthorised access from users attempting determine changes made in databases. Records are stored using the same key

Question 4

What does Polyinstantiation protect against?

Answer 4

interference attacks - an attack on databases that works by datamining confidential information which is like database aggregation. Both techniques use some form of SQL query to request information from the database.

Question 5

What does CWE stand for?

Answer 5

Common Weakness Enumeration