COMP 3521: Software Engineering > Security Engineering > Flashcards

Security Engineering Flashcards

(19 cards)

Study These Flashcards
1
Q

Application security

A
  • The application is designed to resist attacks.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Infrastructure security

A
  • The software is configured to resist attacks.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Security dimensions

A
  • Confidentiality
  • Integrity
  • Availability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Three controls to enhance system security

A
  • Vulnerability avoidance
  • Attack detection and neutralization
  • Exposure limitation and recovery
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Stages of preliminary risk assessment

A
  • Asset value assessment/exposure assessment
  • Threat identification/attack assessment
  • Control identification
  • Security requirements definition
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Operational security

A
  • Primarily a human and social issue
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Security trade off

A
  • More secure system, less usable
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Protection issues in system design

A
  • How should the system be organized so that critical assets can be protected against an external attack?
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Distribution issues in system design

A
  • How should system assets be distributed so that the effects of a successful attack are minimized?
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Design guidelines for secure systems engineering:

A
  • Base security decisions on an explicit security policy.
  • Avoid a single point of failure.
  • Use redundancy and diversity to reduce risk.
  • Validate all inputs.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Experience-based testing

A
  • The system is analyzed against known types of attack.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Penetration testing

A
  • An external team is contracted to discover security flaws in a system.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Tool-based testing

A
  • Tools are used to exhaustively test some features of a system, such as the strength of passwords.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Formal verification

A
  • A system is formally verified against a formal security specification.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Interception threats

A
  • Allows attacker to gain access to an asset
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Interruption threats

Study These Flashcards
A
  • Make part or all of a system unavailable
17
Q

Modification threats

Study These Flashcards
A
  • Attacker tampers with a system asset
18
Q

Fabrication threats

Study These Flashcards
A
  • Insert false information in the system
19
Q

Security specification

Study These Flashcards
A
  • Avoid something bad happening
COMP 3521: Software Engineering
flashcards
Decks in class (14)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions