CISSP Flashcards
What is Verification?
The verification process is similar to the certification process in that it validates security controls. Verification may go a step further by involving a third-party testing service and compiling results that may be trusted by many different organizations.
The process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase.
Verification is a static practice of verifying documents, design, code and program. It includes all the activities associated with producing high quality software: inspection, design analysis and specification analysis. It is a relatively objective process.
Verification will help to determine whether the software is of high quality, but it will not ensure that the system is useful. Verification is concerned with whether the system is well-engineered and error-free.
Methods of Verification: Static Testing
Walkthrough
Inspection
Review
Verification is the process of checking that the software meets the specification.
“Did I build what I need?”
What is Validation?
The process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements.
Validation is the process of evaluating the final product to check whether the software meets the customer expectations and requirements. It is a dynamic mechanism of validating and testing the actual product.
Methods of Validation: Dynamic Testing
Testing
End Users
Validation is the process of checking whether the specification captures the customer’s needs.
Accreditation
Accreditation is the act of management formally accepting an evaluated system, not evaluating the system itself.
Management evaluates the capacity of a system to meet the needs of the organization. If management determines that the system satisfies the needs of the organization, they will formally accept the evaluated system, usually for a defined period of time or set of conditions. If the configuration is changed or the accreditation expires, the new configuration must be certified. Recertification must normally be performed either when the time period elapses or when significant configuration changes are made.
Assurance
Assurance is the degree of confidence that an organization has that its security controls are correctly implemented. It must be continually monitored and reverified.
Certification
Certification: a product or system is tested to see whether it meets the documented requirements (including any security requirements). It considers the system in context, including the other systems around it, the network it is running on, and its intended use.
The process of evaluating the security architecture of the software or system against a predetermined set of security standards or policies. Certification also examines how well the system performs its intended functional requirements.
The term certification indicates a technical review of the security mechanisms of a product (a technical evaluation of a product).
Transposition
Transposition ciphers use an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message. The decryption algorithm simply reverses the encryption transformation to retrieve the original message.
A simple transposition cipher was used to reverse the letters of the message so that apple became elppa.
Rearranges the position of the characters of the plaintext.
Transposition ciphers provide diffusion (obscures the relationship between message units)
Transposition ciphers use an encryption algorithm to rearrange the letters of the plaintext message to form a ciphertext message.
Substitution
Substitution ciphers use the encryption algorithm to replace each character or bit of the plaintext message with a different character.
Replaces the plaintext characters with other characters, numbers and symbols.
Substitution ciphers provide confusion (obscures the identity of the message unit)
Multitasking
In computing, multitasking means handling two or more tasks simultaneously.
Multitasking handles multiple processes on a single processor by switching between them using the operating system.
Multiprocessing
Multiprocessing uses multiple processors to perform multiple processes simultaneously.
Multithreading
Multithreading runs multiple threads within a single process.
Multithreading permits multiple concurrent tasks to be performed within a single process
Due Diligence
The due diligence principle is a more specific component of due care that states that an individual assigned a responsibility should exercise due care to complete it accurately and in a timely manner.
Investigate, learn, research
What I need to do to ensure the issue never happens again
Due Care
The due care principle states that an individual should react in a situation using the same level of care that would be expected from any reasonable person. It is a very broad standard.
Do it, Make it happen
What I need to do right now to fix an issue
***Auditing is an aspect of due care.
Confinement
Confinement allows a process to read from and write to only certain memory locations and resources.
Also called sandboxing
Bounds
The bounds of a process consist of limits set on the memory addresses and resources it can access.
The bounds state the area within which a process is confined or contained.
In most systems, these bounds segment logical areas of memory for each process to use.
Isolation
Process isolation ensures that any behavior will affect only the memory and resources associated with the isolated process.
Isolation is used to protect the operating environment, the kernel of the operating system (OS), and other independent applications.