Test deck2

Question 2

ISO 15288:2015

Answer 2

systems engineering standard covering processes and life cycle stages.

Question 3

ISO 15288:2015 processes that are divide into four categories

Answer 3

1. Agreement 2. Organization project-enabling 3. Technical Management 4. Technical

Question 4

The left side of the V (V-Model) represents

Answer 4

concept development and the decomposition of requirements into functions and physical entities that can be architected, designed, and developed.

Question 5

The right side of the V represents

Answer 5

integegration of these entities and their ultimate transition into the field, where they are operated and maintained.

Question 6

Defense in Depth

Answer 6

The use of overlapping layers of controls/countermeasures to create a series of defensive layers of physical, administrative, technical types to secure assets.

Question 7

Common Criteria (ISO 15408)

Answer 7

Provides a structure methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the are of IT security. Use of the common criteria “protection profiles” and “security targets” greatly aids in the development of products and systems that have IT security functions.

Question 8

What is ISO/IEC 21827:2008

Answer 8

System Security Engineering - capability Maturity Model (SSE-CMM), describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering. It does NOT prescribe a particular process or sequence, but captures practices generally observed in industry.

Question 9

ISO 21827 covers the following standard security metric for security engineering practices

Answer 9

1. The entire life cycle, including development, operation, maintenance, and decommission activities. (DOM, D) 2. The whole organization, including management, organizational, and engineering activities. 3. Concurrent interactions with other disciplines, such as system, software, hardware, human factors, test engineering, system management, operation, and maintenance. 4. Interactions with other organizations, including acquisition, system management, certification, accreditation, and evaluation.

Question 10

Subjects Objects

Answer 10

Users Data

Question 11

Closed Open Systems

Answer 11

Vendor Specific Industry Standard

Question 12

Confinement (sandboxing)

Answer 12

Ability to control read/write activity as software executes in a system and accesses memory

Question 13

Bounds

Answer 13

limits set on the memory addresses and resources a process can access in a system

Question 14

Isolation

Answer 14

the ability to use bounds and confinement to control the impact process behavior has on a system

Question 15

Controls (in the context of access)

Answer 15

use of access rules to limit subject / object interaction

Question 16

Trusted System

Answer 16

one where all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable, secure environment

Question 17

Assurance

Answer 17

the degree of confidence or certainty in a system’s ability to satisfy the defined security requirements

Question 18

Security Model

Answer 18

provides a way for the designer(s) of a system to correlate abstract statements into a security policy that will define an explicit set of rules allowing a computer to implement the fundamental concepts of the policy.