Those that address protection against disclosure of data or information that are personal or sensitive to unauthorized individuals.
10
New cards
What are the two broad data classifications?
Public and non-public
11
New cards
What is another name for public data?
Directory information
12
New cards
What are the most common forms of covert secret writing?
Steganography and digital watermarking.
13
New cards
What is masking?
A weak form of confidentiality protection in which original information is asterisked or Xed out.
14
New cards
What are the three methods for which confidentiality requirements need to be developed?
In transit, In processing, In storage
15
New cards
What are integrity requirements?
Requirements that address reliability assurance and prevention of unauthorized modification.
16
New cards
What do integrity controls assure?
Reliability (the software does what it should), accuracy, completeness, and consistency.
17
New cards
What is even parity?
Addition of a parity bit to data such that there is an even number of 1 bits in the data.
18
New cards
What is odd parity?
Addition of a parity bit to data such that there is an odd number of 1 bits in the data.
19
New cards
What is the strongest form of data integrity?
Hashing.
20
New cards
What are availability requirements?
Those software requirements that ensure the protection against destruction of the software system and/or data, thereby assisting in the prevention against DoS to authorized users.
21
New cards
What are availability requirements?
Those software requirements that ensure the protection against destruction of the software system and/or data, thereby assisting in the prevention against DoS to authorized users.
22
New cards
What is MTD?
Maximum Tolerable Downtime
23
New cards
What is RTO?
Recovery Time Objective. RTO is the amount of time by which the system or software needs to be restored back to the expected state of business operations for authorized business users when it goes down.
24
New cards
Where should MTD and RTO be stated?
The SLA (Service Level Agreement)
25
New cards
What is BIA?
Business Impact Analysis. A qualitative or quantitative analysis of the cost of failure of the software to operate. This can include loss of credibility, confidence, or brand reputation.
26
New cards
What is a single point of failure?
Having no redundancy capabilities
27
New cards
What is replication?
Master/slave or primary/secondary scheme in which there is one master or primary node and updates are propagated to the slaves or secondary node either actively or passively.
28
New cards
What is active/active replication?
Active/active replication implies that updates are made to both the master and slave systems at the same time.
29
New cards
What is active/passive replication?
The updates are made to the master node first and then the replicas are pushed the changes subsequently.
30
New cards
What is authentication?
Validating an entity's claim. Typically identity claims or credentials are validated against a trusted source.
No prompting for credentials. Implies unlinkability (no way to link a user or system to their actions). Generally avoid unless there's a reason to have it.
33
New cards
What is Basic Authentication?
HTTP BasicAuth. Credentials are transmitted in base 64. Avoid, because easily decoded.
34
New cards
What is Digest Authentication?
Challenge/response. Does not send credentials in clear text, but sends a hash of the original credential. Can't be easily spoofed.
35
New cards
What is Integrated Authentication?
NTLM authentication, or NT challenge/response.
36
New cards
What is Client Certificate based authentication?
X509 client certificates.
37
New cards
What is Forms authentication?
Web forms. Back end can be anything.
38
New cards
What is token-based authentication?
Issue a token upon verification. Particularly useful in SSO.
39
New cards
What is smart card based authentication?
Smart cards provide ownership-based (something you have) authentication.
40
New cards
What is biometric authentication?
This form of authentication uses biological characteristics (something you are) for providing the identity's credentials. Biological features such as retinal blood vessel patterns, facial features, and fingerprints are used for identity verification purposes.
41
New cards
What is a Type I error?
False rejection. A legitimate user/enrollee is denied access.
42
New cards
What is a Type II error?
False acceptance. Someone who isn't a legitimate user is granted access.
43
New cards
What is CER?
Crossover Error Rate. The point where the false rejection rate equals the false acceptance rate (FRR == FAR).
44
New cards
What is a subject?
An entity requesting access to an object.
45
New cards
What is an object?
Something that will be acted upon by a subject.
46
New cards
What is CRUD?
Create, Read, Update, Delete. Common actions subjects take upon objects.
47
New cards
What are the types of access control models?
DAC, NDAC, MAC, RBAC, Resource Based Access Control
48
New cards
What is DAC?
Discretionary Access Control. The owner of the object decides who gets access.
49
New cards
What is NDAC?
Like DAC, in that access to objects is based on the subject, but it is unavoidably imposed on all subjects. Doesn't rely on the subject complying with security policies.
50
New cards
What is MAC?
Restricted access to objects based on the security classification of the object. Sensitivity is represented by a label. AKA the clearance model. Commonly implemented as "Rule based access control".
51
New cards
What is RoleBAC?
Role Based Access Control. Access to objects by job function. Permissions are never assigned to users, only to roles.
52
New cards
What is a Role Hierarchy?
Roles organized in a parent-child relationship.
53
New cards
What is the difference between a role and a group?
A group is a collection of users, not a collection of permissions. A role is a common job where everybody gets the same permissions.
54
New cards
What is ResourceBAC?
Resource Based Access Control. Works when users may not be known in advance. Delegation. Kerberos works this way. Successful authentication gets you a ticket that is delegated the privileges and rights to invoke downstream services. Trusted Subsystem Model.
55
New cards
What is the Trusted Subsystem Model?
Access request decisions are granted based on the identity of a resource that is trusted instead of user identities. Primarily Web applications. User logs into a web application, which may have permission to access a database.
56
New cards
What are the minimum requirements for auditing?
Identity of the subject, Action (what they did), Object on which the action was performed, Timestamp
57
New cards
What does session management do for us?
Relieves the obligation to authenticate upon each access request.
58
New cards
What risk does session management pose?
Session hijacking.
59
New cards
What is the problem with verbose error messages?
Information disclosure.
60
New cards
What is a TOC/TOU attack?
Race conditions, basically. TOC = Time of Check. TOU = Time Of Use.
61
New cards
What properties need to be fulfilled for a race condition to occur?
Concurrency, shared object, and a change of state.
62
New cards
What is the concurrency property?
At least two threads must be executing concurrently.
63
New cards
What is the shared object property?
Two concurrent threads must be accessing the same object.
64
New cards
What is the change of state property?
At least one of the two threads accessing the same object must alter the state of the object.
The window of opportunity when two concurrent threads race against one another trying to alter the same object.
67
New cards
What are atomic operations?
The entire process is completed using a single flow of control and concurrent threads or control flow against the same object is disallowed.
68
New cards
What are mutual exclusions?
Object locking to prevent multiple threads from accessing the same resource.
69
New cards
What should you determine during the requirements gathering phase for archive information?
Location, duration, format.
70
New cards
What is Canonicalization?
The process of converting data that has more than one possible representation into a standard canonical form.
71
New cards
What is PNE?
Protection Needs Elicitation. Determination of security requirements.
72
New cards
What are the steps in PNE?
1. Engage the customer. 2. Information management modeling. 3. Identify least privilege applications. 4. Conduct threat modeling and analysis. 5. Prioritize based on customer needs. 6. Develop information protection policy. 7. Seek customer acceptance.
73
New cards
What methods can be used for PNE?
Brainstorming, Surveys and Questionnaires, Policy decomposition, Data classification, Subject-object matrix, Use and misuse case modelling.
74
New cards
What is brainstorming?
An unstructured, quick method to glean security requirements. Characterized by just recording ideas, not challenging them.
75
New cards
What is policy decomposition?
Breaking high level mandates into detailed security requirements.
76
New cards
What are the steps in the policy decomposition process?
The conscious effort to assign a level of sensitivity to data assets based on potential impact upon disclosure, alteration, or destruction.
78
New cards
What is the objective of data classification?
To lower the cost of data protection and maximize the return on investment where data are protected.
79
New cards
In data classification, what tasks is the business or data owner responsible for?
Ensure information assets are appropriately classified. Validate security controls are implemented by reviewing classification periodically. Define authorized lists of users and access criteria. Ensure appropriate backup and recovery mechanisms are in place. Delegate classification responsibility, access approval, backup, and recovery to a data custodian as needed.
80
New cards
In data classification, what tasks is the business or data custodian responsible for?
Perform the information classification exercise. Perform backup and recovery. Ensure records retention is in place.
81
New cards
What is ILM?
Information Lifecycle Management.
82
New cards
What is ILM?
Information Lifecycle Management.
83
New cards
What is a Subject-Object Matrix?
Used to identify allowable actions between subjects and objects based on use cases. A two-dimensional representation of roles and components: subjects/roles across the columns, objects/components down the rows. Effective tool to generate misuse cases; inversing the allowable actions can determine threats, which can be used to determine security requirements.
84
New cards
What is SQUARE?
Security Quality Requirements Engineering methodology. 9 steps that generate a final deliverable of categorized and prioritized security requirements.
85
New cards
What is a RTM?
Requirements Traceability Matrix. Final deliverable of categorized and prioritized security requirements.
86
New cards
What are the benefits of a RTM?
Avoid scope creep. Assure design satisfies the specified security requirements. Ensures implementation doesn't deviate from secure design. Provides a basis for defining test cases.