lecture 7: security and controls

Question 1

system controls

Answer 1

mechanisms and procedures that are built into a system to safeguard the system and the information within

Question 2

integrity controls

Answer 2

a control that rejects invalid data, inputs, prevented unauthorized outputs, and protects data against accidental or malicious attacks

Question 3

security controls

Answer 3

are less application specific but its part of the operating system and network

Question 4

input controls

Answer 4

• value limit control
• completeness control
• data validation control
• field combination control

Question 5

output controls

Answer 5

• physical access to printers and display devices
• discarded data (shredding)
• labeling printed output to identify and verify source

Question 6

what is security controls

Answer 6

a control that protects the assets of an organization

Question 7

objective of security controls

Answer 7

• maintain a stable and functioning operating environment for users
• protect information and transactions during transmission on the internet and other insecure environments

Question 8

access control

Answer 8

• controlling who accesses the data and their position and level
• privileged: senior, manager, administrator
• registered: system developer, supplier
• unregistered: customers, employees
• unauthorized: people from competitor company, former employees, hackers

Question 9

symmetric key encryptions

Answer 9

• person 1 and person 2 share the same secret key which will encrypt and decrypt data

Question 10

asymmetric key encryptions

Answer 10

• person 1 and person 2 share different secret keys which will encrypt and decrypt data

Question 11

public key encryptions

Answer 11

• uses public key for ENCRYPTION and a secret key for DECRYPTION

Question 12

digital certificate

Answer 12

• authenticates web credentials and lets the recipient know that the data is from a trusted source
• it is issued by the certificate authority (CA)

Question 13

describe OOA

Answer 13

OOA helps in giving a better understanding in the problem we are trying to solve.
It deals with defining the problem, where the models used focus on the understanding of the objectives and defining the functions that will lead to the solution.
Through OOA, we can know the limits, tradeoffs and requirements when discussing how the problem can be overcome.

Question 14

describe OOD

Answer 14

OOD deals with how the solution is implemented and how it is maintained.
Through OOD we can understand how the solution will flow between the varying users.

Question 15

how to extend and integrate requirement models

Answer 15

• use case diagrams
• use case descriptions
• activity diagram
• system sequence diagram
• domain model class diagram
• ERD

Question 16

steps to SSD

Answer 16

1) identify input message
2) describe the message from the external actor to the system
(verb-noun e.g.: addItem)
3) identify any conditions for the input (loop, alternate, optional)
4) identify and add output message from system to actor
(dashed line)