Question 6 of 171

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?

    Correct Answer: D

    DoD 8500.2 assigns IA controls according to a system's Mission Assurance Category (MAC) and its confidentiality level, which is set independently of the MAC. MAC I requires high integrity and high availability. MAC II requires high integrity and medium availability, which matches the requirement in the question. MAC III requires only basic integrity and basic availability.

Question 7 of 171

Microsoft software security expert Michael Howard defines a set of heuristics for deciding which code should be reviewed first in "A Process for Performing Security Code Reviews".

Which of the following heuristics increase the application's attack surface? Each correct answer represents a complete solution. Choose all that apply.

    Correct Answer: B, D, E, F

    Code listening on a globally accessible network interface increases the attack surface because any attacker who can reach the network can reach it. Anonymously accessible code can be exercised without authenticating, so there is no credential an attacker has to obtain first. Code that runs by default is present and active on every installation, whether or not the user needs it, so it is always available as a target. Code that runs in an elevated context carries the highest risk, because an attacker who compromises it inherits its privileges. Howard's remaining heuristics, such as old or complex code and code with a history of vulnerabilities, are reasons to review code more carefully, but they describe how likely a flaw is to exist rather than how exposed the code is to attackers.
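The following script is an added example written for this page; it is not code from Howard's paper or from the original question. It shows how the four attack-surface heuristics in the answer can be applied to a host's listening sockets: it parses a constructed `ss -tlnp`-style listing, classifies each bind address as loopback, link-local or globally reachable using the standard `ipaddress` module, combines that with a hypothetical inventory of facts `ss` cannot report (the uid the process runs as, whether it is enabled by default, whether it accepts unauthenticated clients), and ranks the listeners. The sample listing, the inventory and the weights are all assumptions made for illustration.

```python
"""Rank listening services by four of Michael Howard's code-review heuristics.

Added example for this page, not code from Howard's paper. The `ss` listing
below is constructed, not captured; INVENTORY and WEIGHTS are assumptions.
"""
import ipaddress
import re

# Constructed sample in the shape of `ss -tlnp` output (not from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*         users:(("redis-server",pid=1203,fd=6))
LISTEN 0      4096   [::]:9200          [::]:*            users:(("java",pid=1450,fd=212))
LISTEN 0      128    [::1]:631          [::]:*            users:(("cupsd",pid=700,fd=7))
"""

# Hypothetical inventory of what `ss` cannot tell us: the uid each process runs
# as, whether the service is enabled in a default install, and whether it can
# be used without authenticating.
INVENTORY = {
    "sshd":         {"uid": 0,    "default_on": True,  "anonymous": False},
    "redis-server": {"uid": 999,  "default_on": True,  "anonymous": True},
    "java":         {"uid": 1001, "default_on": False, "anonymous": True},
    "cupsd":        {"uid": 0,    "default_on": True,  "anonymous": True},
}

# Assumed weights: network exposure counts most, then privilege, then the lack
# of authentication, then whether the code is on by default.
WEIGHTS = {"global_iface": 3, "elevated": 2, "anonymous": 2, "default_on": 1}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)'
)


def is_global_interface(local: str) -> bool:
    """True if the bind address can be reached from other hosts."""
    host, _, _port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and scope id
    if host in ("*", ""):                    # ss prints `*:port` for a wildcard bind
        return True
    addr = ipaddress.ip_address(host)        # 0.0.0.0 and :: are "unspecified"
    return not (addr.is_loopback or addr.is_link_local)


def score_listener(local: str, proc: str) -> dict:
    """Apply the four heuristics to one socket; unknown processes get the worst case."""
    facts = INVENTORY.get(proc, {"uid": 0, "default_on": False, "anonymous": True})
    hits = {
        "global_iface": is_global_interface(local),
        "elevated": facts["uid"] == 0,
        "anonymous": facts["anonymous"],
        "default_on": facts["default_on"],
    }
    score = sum(WEIGHTS[k] for k, hit in hits.items() if hit)
    return {"process": proc, "local": local, "score": score,
            "reasons": [k for k, hit in hits.items() if hit]}


def rank_listeners(ss_output: str) -> list:
    """Parse an `ss -tlnp` listing and return listeners, highest review priority first."""
    ranked = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                          # header, or a socket without process info
        local, proc, _pid = m.groups()
        ranked.append(score_listener(local, proc))
    return sorted(ranked, key=lambda r: (-r["score"], r["local"]))


if __name__ == "__main__":
    for r in rank_listeners(SAMPLE_SS):
        print(f'{r["score"]:>2}  {r["process"]:<13} {r["local"]:<16} {", ".join(r["reasons"])}')
```

In the sample, `sshd` ranks first (reachable from the network, running as root, on by default) even though it requires authentication, while the loopback-only `redis-server` ranks last despite accepting anonymous clients; the script only orders the review queue, it does not say any of these services is vulnerable.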

Question 8 of 171

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

    Correct Answer: D

    The confidentiality service of a cryptographic system ensures that information will not be disclosed to any unauthorized person, including someone able to observe traffic on the local network. Confidentiality protects data from being read by unauthorized parties; the other cryptographic services (integrity, authentication and non-repudiation) address whether data was altered, who sent it and whether the sender can later deny it, not whether it can be read.

Question 9 of 171

What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.

    Correct Answer:

    In the planning phase of the Software Assurance Acquisition process, several vital activities are undertaken to ensure that software requirements, strategies, and evaluation criteria are adequately prepared. First, developing software requirements is crucial as it ensures the acquired software meets all functional and security specifications. Second, creating an acquisition strategy is essential as it outlines the approach for procuring software and addresses potential risks. Lastly, developing evaluation criteria and an evaluation plan allows stakeholders to establish a clear framework for assessing the proposals and capabilities of potential vendors. Implementing change control procedures is not part of the planning phase but rather associated with the monitoring and acceptance phase to handle deviations during and after deployment.

Question 10 of 171

You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?

    Correct Answer:

    To establish priorities for planning risk responses in a rapid and cost-effective manner, the most suitable process is qualitative risk analysis. It assesses the probability and impact of identified risks quickly and at lower cost than quantitative risk analysis, using relative scales and expert judgment rather than measured data or modeling, which lets the project manager rank the risks that need an immediate response or further (quantitative) analysis. Because it does not require extensive data collection or complex modeling, it fits quick decision-making and resource allocation within project constraints.