Physical and Software security controls
Uses a username and password to allow authorised access to a system
What is User Authenication?
Boundaries and parameters of a solution
What is scope
Related to security and not functionality, making sure the code is secure and stored responsibly.
what is Software Auditing
Deleting a third party software
What is managing risks of a third party software
When personal information is accessed, disclosed without authorisation, or is lost.
What is Data Breaches
Improving performance as well as adding new functionality
What is software updates
Limitations deriving from economical, technical, or social issues.
What is Constraints
Data loss (crashing bugs), Unauthorised access (lack of security), Third party service goes offline, Compliance with tech standards, Privacy issues (is data protected?), Legal issues (Copyright, Privacy), Licencing (all parts licensed appropriately)
What are Risks?
What is happening with the data input into a system
What are privacy issues
Emails used for phishing scams
Breaches of Privacy Law (fines)
What is Consequences
confirming that a user is allowed to access a resource via username and password
Cover page
TOC
Headings / Subheadings
Page numbers
Consistent formatting (font, size, colour)
What is the SRS format
a simulated cyber attack against your computer system to check for exploitable vulnerabilities
What is penetration testing?
Software that was not produced by the original developer but is used in the system
What is a third party
An attacker ‘spoofs’ an unsecured wifi network that a client connects too
What is Man-in-the-middle attacks
A value used to decrypt and encrypt a text or piece of information
What is a key
A formal piece of documentation detailing the foundational requirements of a software
What is Software Requirements Specifications (SRS)
A review process that ensures all software components and libraries used are compliant with licenses
What is a software license audit
Prevents malware from being installed
what is Antivirus software
Manipulation of the weakest link in a computer system (you nerd)
Social Engineering
Creating a public key and sending it to another party, after which using your private key to decrypt it
What is asymmetric encryption?
A drawn visualisation of how a systems complexity- how information is stored and sent throughout all the processes.
What is Data Flow Diagram
A deep dive analysis to detect whether sensitive data is properly encrypted and secured
What is a data security audit?
Detect packets of data leaving a network
Firewall
This protocol is the foundation of data communication for the World Wide Web, enabling the transfer of hypertext between clients and servers
What is HTTP