WGU, Information Security and Assurance (C725), SET II | 100 Questions with 100% Correct Answers

After determining the potential attack concepts, the next step in threat modeling is to perform ______________ analysis. ______________ analysis is also known as decomposing the application, system, or environment. The purpose of this task is to gain a greater understanding of the logic of the product as well as its interactions with external elements.Also known as decomposing the application - Reduction analysis Whether an application, a system, or an entire environment, it needs to be divided into smaller containers or compartments. Those might be subroutines, modules, or objects if you're focusing on software, computers, or operating systems; they might be protocols if you're focusing on systems or networks; or they might be departments, tasks, and networks if you're focusing on an entire business infrastructure. Each identified subelement should be evaluated in order to understand inputs, processing, security, data management, storage, and outputs. Trust Boundaries, Data Flow Paths, Input Points, Privileged Operations, Details about Security Stance and Approach - The Five Key Concepts in the Decomposition process. In the decomposition process, any location where the level of trust or security changes. - Trust Boundaries In the decomposition process, the movement of data between locations - Data Flow Paths In the decomposition process, locations where external input is received - Input Points In the decomposition process, any activity that requires greater privileges than of a standard user account or process, typically required to make system changes or alter security - Privileged Operations In the decomposition process, the declaration of the security policy, security foundations, and security assumptions - Details about Security Stance and Approach The concept that most computers, devices, networks, and systems are not built by a single entity. - supply chain