Threat Modelling, Secure Design and Threat Detection Flashcards
What is a cyber threat?
“any circumstance or event with the potential to adversely impact an asset through unauthorised access, destruction, disclosure, modification of data, and/or denial of service” (ENISA)
What is a short description of a threat?
A set of circumstances that has the potential to cause loss or harm
What are 3 non-human threats?
- natural disasters
- loss of electrical power
- failure of a component
Why use threat models?
to put yourself into the shoes of the attacker so you can better protect your systems
What are the 2 types of models?
Attack Models and Adversarial Models
What are the 3 goals of computer security?
confidentiality, integrity, availability
What 3 things must an attacker have to ensure access?
method, opportunity and motive
What are the 7 stages of an attack?
- reconnaissance
- weaponization
- delivery
- exploitation
- installation
- command and control
- act on objectives
What does STIX stand for?
Structured Threat Information Expression
What is STIX?
a graph-based representation of attackers, campaigns and victims.
What is STRIDE?
a system developed by Microsoft for thinking about computer security threats.
What is spoofing?
an agent pretends to be somebody else
What does tampering do?
violates the integrity of an asset
What is repudiation?
an agent denies having performed an action to escape responsibility
What does information disclosure do?
violates the confidentiality of an asset
What does denial of service do?
violates the availability of an asset
What is elevation of privileges?
an agent gains more privileges beyond its entitlement
What are the components of DREAD?
Damage, Reproducibility, Exploitability, Affected users, Discovery
What is the DREAD equation?
Risk_DREAD = (D + R + E + A + D) / 5
What are the 7 stages of the security development lifecycle?
- training
- requirements
- design
- implementation
- verification
- release
- response
What is a methodology?
a body of practices, procedures, and rules used by those who work in a discipline or engage in an inquiry; a set of working methods.
What is coupling?
how independent each module is
What is cohesion?
How well do the modules work together
What is the ideal coupling/cohesion state?
loosely coupled, highly cohesive.