Exam

CISSP - DOMAIN 8 WITH COMPLETE SOLUTIONS 100%

Score: -
Sold: -
Pages: 27
Grade: A+
Uploaded on: 25-10-2023
Written in: 2023/2024

Defining Good Code - Quality
ANSWER:
* How fit for a purpose something is
* When developing software: it is usually thought of after the fact
* Keys to ensuring quality:
  - Code reviews
  - Interface testing
  - Misuse cases

Defining Good Code - Software Controls
ANSWER: Address input, output, encryption, logical flow, methods for performing calculations, interprocess communication, access, and interaction with other software

Defining Good Code - Security Controls
ANSWER:
* Usually technical
* Will depend on:
  - The application's purpose
  - The environment in which it will run
  - The sensitivity of the data it will process
  - The functionality it will execute
  - The security policy attached to it
* Example: if software will only be run behind three firewalls and be accessible only by an administrator, it will have fewer security requirements. If it is a publicly accessible web application, it will be subject to quite a few very restrictive security controls

Where Do We Place Security? - Introduction
ANSWER:
* Software is responsible for the vast majority of vulnerabilities
* The importance of implementing proper security in software is a relatively new focus
* It is very uncommon to find a software developer who is also a security professional
* Software vendors are trying to get products to market as soon as possible and do not make security a priority
* Customers have become accustomed to receiving software with security flaws that are then patched
* Customers cannot fix the security flaws in software they purchase, so they resort to perimeter solutions

Where Do We Place Security? - Environment vs. Application
ANSWER:
* Environment (at the OS)
  - Great for ensuring a consistent approach, but the OS has no visibility or control over access activities within an application
  - Perimeter devices are more reactive in nature: they protect best against known vulnerabilities that are discovered over time
* Application
  - Provides very granular control, but does nothing for security outside of the application, including any external resource the application requires
  - The more functionality that is packed into an application, the more difficult it becomes to achieve a good level of security hygiene

Where Do We Place Security? - Implementation and Default Issues
ANSWER:
* Software should default to "No Access" after installation
* Security patches are often not installed because the administrator:
  - Does not keep up to date on security vulnerabilities
  - May not realize the importance of applying patches
  - Might fear the patches will cause other problems

Software Development Life Cycle - Introduction
ANSWER: The SDLC is concerned with creating a repeatable and predictable process that development teams will follow
* Desired results:
  - Higher level of product quality
  - Fewer missed deadlines
  - Lower cost
  - Acceptable level of functionality

Software Development Life Cycle - Phases
ANSWER:
* Requirements gathering: figure out what the product will do when completed
* Design: plan how the product will be put together
* Development: put the product together
* Testing/validation: make sure the product does what the requirements said it should do
* Release/maintenance: ship the product and update as needed

Software Development Life Cycle - Phases with a Security Perspective
ANSWER:
* Requirements gathering
  - Security risk assessment
  - Privacy risk assessment
  - Risk-level acceptance
  - Informational, functional and behavioral requirements
* Design
  - Attack surface analysis
  - Threat modeling
* Development
  - Automated CASE tools
  - Static analysis
* Testing/validation
  - Dynamic analysis
  - Fuzzing
  - Manual testing
  - Unit, integration, acceptance and regression testing
* Release/maintenance
  - Final security review

Software Development Life Cycle - Project Management - Introduction
ANSWER:
* Ties together all of the pieces required to deliver a product
* Specifically ensures that each phase is addressed properly

Software Development Life Cycle - Project Management - Security Management
ANSWER:
* The part of project management in which a security plan is created from the beginning
* It must be able to stand alone and have its own lifetime
* It will be referenced after the project has been completed, during audits and as a way to validate that the product meets specific security objectives

Software Development Life Cycle - Project Management - Statement of Work (SOW)
ANSWER:
* Drives software projects being developed for specific customers
* Helps clarify customer requirements

Software Development Life Cycle - Project Management - Scope Creep
ANSWER:
* The addition of new requirements not originally envisioned
* Project management must adhere closely to the SOW to avoid it

Software Development Life Cycle - Project Management - Work Breakdown Structure (WBS)
ANSWER:
* Defines the tasks and subtasks that are required to meet the stated requirements
* The SDLC depends on it being accurate

Software Development Life Cycle - Requirements Gathering Phase - Focus
ANSWER:
* What the finished product should be capable of
* What it should look like
* How it should behave

Software Development Life Cycle - Requirements Gathering Phase - Security-Related Tasks
ANSWER:
* Security requirements
* Security risk assessment
* Privacy risk assessment
  - After completing it, we assign a privacy impact rating to each data element
  - Privacy impact ratings:
    * P1: High privacy risk: PII is routinely handled and stored
    * P2: Moderate privacy risk: PII is handled in a one-time, user-initiated data transfer
    * P3: Low privacy risk: No PII is handled or stored
* Risk-level acceptance: all possible risks will probably not be addressed, so the team should address the most important ones first

Software Development Life Cycle - Requirements Gathering Phase - Models for Software Requirements
ANSWER:
* Informational model: lists the types of information to be processed and how they are processed
* Functional model: lists the tasks and functions an application needs to provide

Institution: CISSP - Certified Information Systems Security Professional
Degree: CISSP - Certified Information Systems Security Professional
Contains: Questions and answers

Seller: NURS3RD (Sprott Shaw College)