What is information security?
- Subset of information assurance
- Measures to preserve the CIA triad
- Includes physical and IT security

What is administrative security?
- Use of rules, routines, and policies in support of information security
- Includes incident handling and the division of roles and responsibilities among employees

What is information assurance?
- Superset of information security that enables CIA and non-repudiation through interdisciplinary measures

List and describe threat vectors.
- Sources of exploitation of vulnerabilities
- Includes natural (disasters, physical location), intentional (insider and external threats), and unintentional (user misuse, malfunctions)

What is risk?
- Uncertainty of the occurrence of an adverse event

What is risk management?
- Minimization of risk using the risk management process
- Goal is to minimize annualized loss expectancy

Types of risk according to COSO
- Strategic
- Tactical
- Operations
- Reporting
- Compliance

What is the risk assessment process?
- Identify
- Analyze
- Plan
- Track
- Control

Compare the risks in the waterfall and iterative models.
- Waterfall: create too many features, or build the wrong thing the right way
- Iterative: assume too much risk up front; time to finish

Compare the costs of change in the waterfall and iterative models.
- The waterfall model has a higher cost of change, since changes are not identified until the management phase and the project must return to the first phase to fix them.

Why are there a lot of wasted features in software developed according to the waterfall model?
- Tendency to overstate requirements, for fear of missing one, because of the high cost of change

What are the IT Service Management Building Blocks?
- Strategic (establish company and market)
- Tactical (service deployment)
- Operational (service support)
- Physical (ICT infrastructure)

What are the IT Services Delivery Processes?
- Services management
- Continual IT services management
- Availability management
- Capacity management
- Financial management

What are the IT Services Support Processes?
- Configuration management
- Release management
- Change management
- Problem management
- Incident management

Compare ITILv2 and ITILv3.
- v3 replaced the IT Service Processes model with the IT Services Lifecycle

Compare ITILv3 and ITILv2011.
- v2011 added Business Relationship Management and IT Strategy Management sections

Describe the secure software development lifecycle.
- Requirements and use cases
- Design
- Test the design
- Code
- Test the results
- Field feedback

What are evil user stories?
- Use cases that help secure software developers establish security requirements

What is the IT Services Lifecycle?
- Service strategy
- Service design
- Service transition
- Service operations
- Continual service employment