Chapter 4 Flashcards

(19 cards)

1
Q

What is Poor Elicitation?

A

Vague/Weak Requirements

2
Q

Why do few Developers Know how to Develop Secure Software?

A
  • Not in most school curriculums
  • Programming books/courses don't teach it
  • Most developers don't think like an attacker
  • Developers don't learn from others
3
Q

Why is Most Software Insecure?

A
  • Few developers know how to develop secure software
  • Customers can't easily evaluate software security
  • Managers don't always resource/train adequately
4
Q

What is the Risk Management Process?

A
  1. Communication & Consultation
  2. Establish Context
  3. Risk Assessment
  4. Risk Treatment
5
Q

What are the Steps in Risk Assessment?

A
  1. Identification
  2. Analysis
  3. Evaluation
6
Q

What is Communication and Consultation in Risk Management?

A
  • Ensure risks are understood, considered and communicated
  • Aimed at IT Staff, Management, Users, Regulators
7
Q

What is Establishing Context in the Risk Management Process?

A

Setting the playing field and understanding the current situation

8
Q

What is Risk Assessment in the Risk Management Process?

A
  • Recognizing and rating risks to determine priorities
9
Q

What are the Steps of Risk Assessment?

A
  1. Identify potential risks
  2. Analyze likelihood and impact
  3. Prioritise risks based on severity
10
Q

What is Risk Identification in the Risk Management Process?

A

Working out the risks to your business

11
Q

What should be Considered when Identifying Risks?

A
  • Past events and risks
  • Possible future changes to your business environment
  • Social and community issues that can impact the business
  • Market research
12
Q

What is Risk Analysis in the Risk Management Process?

A

Assessing likelihood + impact of the risk

13
Q

What Should be Considered in a Risk Analysis?

A
  • Existing Controls
  • Vulnerabilities
  • Exposures
14
Q

What is Likelihood?

A
  • Chance of a hazardous event occurring
15
Q

What is a Consequence?

A

Outcome of the hazardous event

16
Q

Formula for Risk?

A

Risk = Likelihood * Impact

17
Q

What is Risk Evaluation in the Risk Management Process?

A

Comparing and prioritizing risks and deciding which risks need treatment, monitoring, or acceptance

18
Q

What is Risk Treatment in the Risk Management Process?

A

Selecting actions to manage risk

19
Q

What are the Potential Actions Against Risk?

A
  • Avoid/Eliminate
  • Control/Mitigate
  • Detect/Recover
  • Transfer/Share
  • Accept/Retain