What are the different sides of the McCumber Cube?

Asset State


What is CIA?

Confidentiality, Integrity and Availability.

Confidentiality - Keeps users' data private

Integrity - Assurance the system preserves data

Availability - Assurance users can access resources


What are safeguards?

Policy and Practices - The controls an organisation puts in place to ensure people mitigate risks

Human Factors - The training provided by an organisation to avoid risks such as viruses and social engineering tactics

Technology - The software and hardware solutions used to protect systems


What is Asset State?

Storage - Most valuable but easiest to protect, as it is in a hard drive, memory or an external device

Transmission - Data being moved between systems

Processing - The data is currently being used, so it is considered vulnerable


What is an attack vector?

A path an attacker takes to access an asset.


Provide an example of an attack vector.

Code injection


What does STRIDE stand for and what does each letter mean?

Spoofing - Pretending to be someone else

Tampering - Changing data in some manner

Repudiation - Hiding your tracks

Information Disclosure - Exposure of users' data

Denial of Service - Targeting service availability, e.g. setting off a fire alarm to stop an exam

Elevation of Privilege - Finding a method of performing tasks that the user isn't authorised to perform.