Week 2 - Basic Notations and Methods


27 Terms

1

What is an asset in cybersecurity?

An object of value that needs to be protected.

2

What is a threat?

A potential violation of a security property.

An action which causes harm.

3

What is a vulnerability?

Weaknesses in a system that can be exploited by threats to cause harm.

4

What are security controls?

Measures put in place to mitigate risk.

5

What is a risk?

Likelihood of a threat exploiting a vulnerability.

6

Value

Importance of the asset

7

What is a security requirement?

A formal statement defining how a system should be protected.

Standards of security that need to be adhered to.

8

What are security measures?

Measures/actions taken to protect against threats

9

What are the core security properties?

  1. confidentiality

  2. privacy

  3. integrity

  4. availability

  5. access control

  6. authentication

  7. authorization

10

Confidentiality

preventing unauthorised disclosure of info

11

Privacy

protection of personal data

12

integrity

preventing unauthorised modification of data or services

13

availability

preventing unauthorised withholding of info

14

Access control

preventing unauthorised users from accessing resources

15

authentication

verifying the identity of a user

16

authorization

prevent users violating their privileges

17

What is the V-Model?

a development model showing progression from specification to validation and verification

18

Describe the 5 phases in the V-Model.

19

What does CyBoK say about modern cybercrime?

it is a commoditized ecosystem with specialized actors.

quote

20

What is an attack tree?

  • a structured diagram used to model how a system can be attacked.

  • Root node: The attacker’s main goal (e.g., "Steal user data").

  • Branches and leaf nodes: Steps or sub-goals needed to achieve the main goal.

  • Logic: Uses AND/OR relationships to show how combinations of actions lead to the attack.

  • It helps identify potential vulnerabilities and guide security testing or threat mitigation.

21

security through the development cycle

  • requirements and use cases

  • design

  • test plans

  • code

  • test results

  • field feedback

22

How is security tested at the ‘requirements and use cases’ stage?

  • abuse cases

  • security requirements

  • risk analysis

23

How is security tested at the ‘design’ stage?

  • risk analysis

  • external review

24

How is security tested at the ‘test plan’ stage?

  • risk-based security tests

25

How is security tested at the ‘code’ stage?

  • static analysis

26

How is security tested at the ‘test results’ stage?

  • risk analysis

  • penetration testing

27

How is security tested at the ‘field feedback’ stage?

  • security breaks