What is data protection?
Safe from unauthorized access, manipulation, or theft
Data protection ensures the confidentiality, integrity, and availability of data.
What does encryption do?
Encrypts data at rest and in transit
Ensures that intercepted data cannot be read without the encryption key.
Define confidentiality in data security.
Ensures sensitive user data is encrypted before storage
Protects data even if the database is compromised.
What is integrity in the context of data?
Prevents unauthorized modifications or tampering
Ensured by conducting data validation and integrity checks.
List common types of cyber attacks.
- Malware infections
- Ransomware incidents
- Phishing scams
- Denial of Service (DoS)
- SQL injections
- Cross-site scripting (XSS)
- Distributed denial of service (DDoS)
These attacks disrupt operations and compromise data integrity.
What is the GDPR requirement regarding data breaches?
Notify users within 72 hours of a data breach
GDPR stands for General Data Protection Regulation.
What are the stages of the software development process?
- Requirements definition
- Determining specifications
- Design
- Development
- Integration
- Testing and debugging
- Installation
- Maintenance
Each stage is crucial for successful software deployment.
How do end users’ capabilities influence secure software design?
- Low technical knowledge users need automatic security features
- Advanced users prefer customizable security settings
User experience shapes the implementation of security features.
True or false: Clueless users prioritize convenience over safety.
TRUE
They are more likely to fall for phishing or social engineering attacks.
What is the balance between usability and security?
Too much security can frustrate users; too little increases risk
A banking app should use MFA for security but also provide biometric authentication for ease of use.
Define availability in data security.
Ensures software and data are accessible when needed
Protects against DoS attacks, system failures, and data loss.
What is authorization in software security?
Controls what actions users can perform based on their roles
Uses role-based access control (RBAC) and least privilege principles.
What does accountability ensure in a system?
Actions can be traced back to a responsible party
Implemented through audit logs and tracking changes.
What is the role of cryptography?
Protects sensitive data using encryption algorithms
Ensures data integrity and authenticity with digital signatures.
What is sandboxing?
Restricts applications from accessing system resources beyond their scope
Prevents malware from affecting the rest of the system.
What is Privacy By Design?
Secure authentication is implemented before software deployment
Ensures data encryption and strong access controls are standard.
What is the purpose of code review?
Peer review of code to detect security issues before deployment
Helps identify logic errors and security flaws.
What is SAST?
Static Application Security Testing
Analyzes source code to find security vulnerabilities without executing the program.
What is DAST?
Dynamic Application Security Testing
Identifies application vulnerabilities by attacking a running application.
What is penetration testing?
Simulated cyberattack by ethical hackers to exploit vulnerabilities
Helps prevent unauthorized access and data breaches.
What is a vulnerability assessment?
Process of identifying, analyzing, and prioritizing security weaknesses
Aims to address weaknesses before they can be exploited.
What does input validation prevent?
Prevents SQL injection, XSS, and buffer overflow attacks
Ensures data integrity and security.
What is the purpose of error handling?
Prevents leakage of sensitive system information
Uses generic error messages instead of exposing system details.
