Threat Modelling Flashcards

1
Q

When is Threat Modelling conducted?

A

In the early stages of the development lifecycle.

2
Q

Are security measures implemented to the same level in all systems? Explain answer…

A

No. Some systems are less likely to be targeted, hold less valuable information, or are smaller. Thus they do
not need as extensive threat modelling and security systems implemented into them.

3
Q

What are the 4 questions asked when threat modelling?

A

What do we want to protect?
Who are we protecting against?
What countermeasures should be put in place?
What are the weak points of the system?

4
Q

From what perspective are security measures implemented? Why is this so?

A

Security is implemented from the attacker's perspective rather than a defence-minded one. This means developers can
implement countermeasures in a more specific and preventative way, with better defined countermeasures to
security breaches.

5
Q

Define the STRIDE acronym…

A

Spoofing identity : Illegally accessing user authentication information.
Tampering with data : Data integrity, confidentiality or availability being compromised.
Repudiation : The denial of something that can't be disproved.
Information Disclosure : Unauthorised disclosure of confidential information.
Denial of Service : System requesting to compromise availability.
Elevation of privileges : User accessing higher privileges than their role is entitled to.

6
Q

Define Vulnerability Disclosure…

A

The way in which parties who find vulnerabilities report them back to the System Owner.

7
Q

When a vulnerability is found, what are the 4 main locations they can be reported to?

A

Black Market, National Security Market, Internet, Vendor of system.

8
Q

If the vulnerability researcher opts for Full Disclosure, who do they report the bug to? What about Responsible Disclosure?

A

The internet, for all to see.
The vendor of the analysed software. This means the vendor can patch and release back to the public.

9
Q

What is the difference between Security Experts' and Vendors' perspectives on vulnerability disclosure?

A

Security Experts : Felt full disclosure is important to bring awareness and advance knowledge of vulnerabilities.
Vendors : A spectrum, from not caring to wanting no disclosure, due to highly confidential information or reputation damage.

10
Q

Define Full Disclosure…

A

Immediate and public posting of vulnerabilities found. This puts pressure on vendors to fix.

11
Q

Define Responsible Disclosure…

A

Giving vendors a mitigation period to fix the bug; after that, release to the public if not fixed.
