Software Development Security Domain Flashcards
The collection of all of the hardware, software and firmware within a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects
Trusted Computing Base (TCB)
Takes advantage of the dependency on the timing of events that take place in a multitasking operating system
Time of Check / Time of Use (TOC/TOU) Attacks
Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule
Time Multiplexing
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that it functions in the intended manner
Software Assurance (SwA)
A form of rapid prototyping that requires strict time limits on each phase and relies on tools that enable quick development
Rapid Application Development (RAD)
Information about the data
Metadata
A mathematical, statistical, and visualization method of identifying valid and useful patterns in data
Knowledge Discovery in Databases (KDD)
Development models that allow for successive refinements of requirements, design and coding
Iterative Models
A record of the events occurring within an organization’s systems and networks
Log
Describes the relationship between the data elements and provides a framework for organizing the data
Database Model
A suite of application programs that typically manages large, structured sets of persistent data
Database Management Systems (DBMS)
The practice of examining large databases in order to generate new information
Data Mining
The conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties
Encryption
An information flow that is not controlled by a security control
Covert Channel
Monitoring and managing changes to a program or documentation
Configuration Management (CM)
A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or user of the computer
Computer Virus
A set of standards that addresses the need for interoperability between hardware and software products
Common Object Request Broker Architecture (CORBA)
A Microsoft high-level interface for all kinds of data
ActiveX Data Objects (ADO)
A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes
Integrated Product and Process Development (IPPD)
An approach based on lean and agile principles in which business owners and the development, operations, and quality assurance departments collaborate
DevOps
A development model in which each phase contains a list of activities that must be performed and documented before the next phase begins
Waterfall Development Model
A maturity model focused on quality management processes that has five maturity levels, each containing several key practices
Capability Maturity Model for Software (CMM or SW-CMM)