Secure Requirements (CSSLP) Flashcards
ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Flashcards
| Front | Back |
|---|---|
| Give an example of a non-functional security requirement | All sensitive data transmitted over the network must be encrypted using TLS. |
| How can misuse cases aid in identifying security requirements? | Misuse cases describe how malicious users might exploit a system, helping to identify vulnerabilities and potential countermeasures. |
| How can stakeholders contribute to defining security requirements? | By providing input on security needs, compliance obligations, and acceptable levels of risk based on organizational goals. |
| How do adversary profiles influence security requirements? | They help predict potential attackers' capabilities, motives, and methods, guiding the creation of defenses. |
| How do security requirements address data integrity? | They ensure that data is protected against unauthorized modifications, maintaining its accuracy and trustworthiness. |
| How does compliance influence security requirements? | Requirements must align with regulations and standards, such as GDPR, HIPAA, or PCI DSS, to meet legal and industry obligations. |
| What are derived security requirements? | Requirements that are identified during the design process based on high-level requirements or constraints. |
| What are functional security requirements? | Specific actions the system must take to enforce security, such as user authentication or access controls. |
| What are security requirements in the software development lifecycle? | Specific conditions or capabilities that a software system must have to protect sensitive data and maintain integrity, confidentiality, and availability. |
| What does confidentiality mean in the context of security requirements? | Ensuring that sensitive information is only accessible by authorized individuals or systems. |
| What is secure authentication and why is it critical? | Secure authentication ensures that only verified users can access a system, protecting against attacks like credential theft or impersonation. |
| What is security testing and how does it validate requirements? | A process to verify that implemented controls meet the defined security requirements and effectively mitigate identified threats. |
| What is the first step in identifying security requirements? | Understanding the business and security goals of the software system being developed. |
| What is the impact of regulatory changes on security requirements? | Regulatory changes can introduce new compliance mandates, requiring updates to existing security requirements. |
| What is the principle of least privilege? | A security guideline where users and systems are given the minimal levels of access necessary to perform their tasks. |
| What is the purpose of access control requirements? | To restrict access to sensitive systems and data based on user roles and permissions, ensuring unauthorized users are kept out. |
| What is the relationship between risk assessment and security requirements? | Risk assessment identifies potential vulnerabilities and their impacts, informing the creation and prioritization of security requirements. |
| What is the role of encryption in meeting security requirements? | Encryption protects sensitive data from unauthorized access both at rest and in transit, ensuring confidentiality. |
| What is the role of secure design principles in defining security requirements? | Secure design principles, such as defense-in-depth and fail-secure defaults, guide the creation of robust and resilient security requirements. |
| What is threat modeling and how does it guide security requirements? | A process that identifies potential threats to a system, helping to determine necessary security controls to mitigate risks. |
| Why is input validation a critical security requirement? | It prevents malicious inputs like SQL injection or cross-site scripting by ensuring data is properly sanitized. |
| Why is it important to integrate security requirements early in development? | It reduces the cost of fixing vulnerabilities and ensures more robust and secure software design. |
| Why is ongoing stakeholder communication important for security requirements? | It ensures that evolving risks, compliance needs, and business goals are consistently reflected in the software’s security features. |
| Why should security requirements be measurable? | To ensure they can be tested, verified, and validated during development and deployment. |
| Why should security requirements include auditing and monitoring capabilities? | To enable detection and response to security incidents and ensure accountability through recorded system activity. |
This deck focuses on identifying and defining security requirements in the software development process while ensuring compliance with relevant standards and regulations.