Balancing the investment in security controls commensurate with the associated risk
Adequate Security
During which SDLC phase should security be integrated?
Each phase
What is the most important factor to consider when selecting an SDLC model?
Organizational needs
Which technical management process is most helpful in making a choice when many options are available?
Decision Management
Which contract type presents the least risk due to underestimation of installation and configuration costs?
Fixed Price
An attack vector where an aggressor intercepts communications, examining the message
Confidentiality
What is the best approach for identifying organizational security authorities?
Identification and integration of both internal and external security authorities.
What is the purpose of assurance methods in SSE?
Providing confidence that security requirements are being met.
What is not an intended outcome of the quality assurance process?
Completely free of flaws
As an ISSE, how should you contribute to the acquisition process?
Providing cybersecurity input
Examining legacy code and removing code that is no longer applicable
Reduced complexity
What is the best approach to ensure an effective system security governance framework?
Adopting a governance framework which integrates the appropriate standards with organizational policy.
What is the role of models in SSE?
Structured approach
Which technical management process confirms alignment?
Project Assessment and Control
SSE contributes to the overall design by achieving what outcome?
Adequate security
The role primarily responsible for helping the organization understand the needs to design a secure trustworthy system
System Engineer
What is utilizing a well-known interface in SDLC?
Open Design
Integrating security considerations early and continuously throughout SDLC is what approach?
DevSecOps
Which technical management process involves asset identification, threat enumeration, vulnerability assessment, likelihood and impact?
Risk Management
What design concept best protects company developed data analysis algorithms?
Proprietary
The document that captures how information flows, is used, and is protected by the system
Information Management Model
Restricting access to application source code is what type of software design?
Proprietary Design
Which SDLC methodology is characterized by iterative development cycles that are fielded rapidly?
Agile
Which technical management process ensures compliance with defined requirements?
Quality Assurance
Which agreement process is responsible for identifying system security requirements?
Acquisition