Your company is engineering an information system to support the new business of selling toys online. As a security professional, you are working with the development team to review the design for flaws in the threat modeling process. Which of the following will you LEAST use in the process of identifying potential threats or design flaws?
A. Misuse case
B. STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege)
C. DREAD (Damage, Reproducibility, Exploitability, Affected Users, and Discoverability)
D. CWE (Common Weakness Enumeration)
Your company is engineering an information system to support the new business of selling toys online. As a security professional, you recommend following the ISO/IEC/IEEE 15288 standard (Systems and software engineering – System life cycle processes) to ensure the use of secure information system development processes. You also emphasize that “Information Management” is one of the most critical processes. To which of the following process families does the “Information Management” belong?
A. Agreement Processes
B. Organizational Project-Enabling Processes
C. Technical Management Processes
D. Technical Processes
Your company is engineering an information system to support the new business of selling toys online. As a security professional, in which phase should you ensure the use of secure information system development processes according to the System Development Life Cycle (SDLC) from the National Institute of Standards and Technology (NIST)?
D. Operations and Maintenance
Your organization implements mandatory access control based on the Bell-LaPadula Model which doesn’t support the strong star property, an alternative to the star property. There is a printer, classified as Top Secret, in your organization. Bob is a middle officer with a security clearance of Secret. He is also assigned both the simple and star security property defined in the Bell-LaPadula Model. Can Bob print his report to the printer classified as Top Secret?
A. Yes, Bell-LaPadula Model does not prohibit this type of information flow.
B. Yes, Bell-LaPadula Model allows reading data from the upper level of sensitivity.
C. No. Bell-LaPadula Model prohibits reading data from the upper level of sensitivity.
D. No. Bell-LaPadula Model prohibits writing data to a lower level of sensitivity.
Your company is engineering an information system (the system) to support the new business of selling toys online. As a security professional, you are a member of the engineering project team and responsible for ensuring the security needs are addressed properly and the information system is compliant with the security policies in your company. The project was kicked off last week. Which of the following should be determined first?
A. Categorize the system based on the impact if it is compromised
B. Select appropriate security controls from certain control frameworks
C. Scope and tailor the security controls based on business requirements
D. Evaluate the value of the data processed by the system and the impact in case the data is breached
I am committed to being a professional instructor and coach, and that is the driver for me to pass six ISC2 certification exams (CISSP, CSSLP, CCSP, ISSEP, ISSMP, and ISSAP) in 99 days last year (2018), all at the first attempt.
After recovering from eye surgery recently, I started to promote my classroom-based CISSP courses in Taiwan. To demonstrate my efforts and achievement, I decided to hang those certificates on the office wall today, only to find out that I’ve forgotten I didn’t receive the ISSAP and ISSMP certificate packages yet.
OMG, it seems that I have to wait for another 3 months to receive my certificates.
I will keep posting to share my experience. If you have any question, please feel free to post in my Facebook group, the Effective CISSP. Thanks for your attention.
Generic Risk Model with Key Risk Factors (NIST SP 800-30 R1)
Key Risk Factors
Risk is a function of the likelihood of a threat event’s occurrence and potential adverse impact should the event occur.
In assessing likelihoods, organizations examine vulnerabilities that threat events could exploit and also the mission/business function susceptibility to events for which no security controls or viable implementations of security controls exist (e.g., due to functional dependencies, particularly external dependencies).
The level of impact from a threat event is the magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
Risk models differ in the degree of detail and complexity with which threat events are identified. When threat events are identified with great specificity, threat scenarios can be modeled, developed, and analyzed.
Any circumstance or event with the potential to adversely impactorganizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Threat events are caused by threat sources.
The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. Synonymous with threat agent.
An individual or a group posing a threat.
An event or situation that has the potential for causing undesirable consequences or impact.
A bug, flaw, weakness, or exposure of an application, system, device, or service that could lead to a failure of confidentiality, integrity, or availability
NIST Special Publication 800-39 provides guidance on vulnerabilities at all three tiers in the risk management hierarchy and the potential adverse impact that can occur if threats exploit such vulnerabilities.
In general, risks materialize as a result of a series of threat events, each of which takes advantage of one or more vulnerabilities. Organizations define threat scenarios to describe how the events caused by a threat source can contribute to or cause harm. Development of threat scenarios is analytically useful, since some vulnerabilities may not be exposed to exploitation unless and until other vulnerabilities have been exploited.
A threat scenario tells a story, and hence is useful for risk communication as well as for analysis.
A predisposing condition is a condition that exists within an organization, a mission or business process, enterprise architecture, information system, or environment of operation, which affects (i.e., increases or decreases) the likelihood that threat events, once initiated, result in adverse impacts to organizational operations and assets, individuals, other organizations, or the Nation.
The concept of predisposing condition is also related to the term susceptibility or exposure. Organizations are not susceptible to risk (or exposed to risk) if a threat cannot exploit a vulnerability to cause adverse impact. For example, organizations that do not employ database management systems are not vulnerable to the threat of SQL injections and therefore, are not susceptible to such risk.
I passed the four ISACA certification exams (CISM, CRISC, CISA, and CGEIT) with 61 days in total or 175 study hours in 2018.
I was happily surprised that the Taiwan chapter gives awards to the Top 3 exam takers by the scaled score in each testing window of the year, and I am the lucky one in the Top 3 for each ISACA certification exam.
It’s my pleasure to be invited to give a brief address and share my experience with the chapter members.