Term
|
Definition
| Took into account each stage but did not take into account any rework that may be required by later stages |
|
|
Term
|
Definition
-Allows developer to go back and work on the previous stage
-Limited to one stage back
-Fundamental problem:
-Assumes that a stage will finish at a specific time
-Usually not the case in the real world
-If an ending phase is forcibly tied to a milestone, the milestone can not be considered met until the rework is concluded
-In 1976 Barry Boehm, reworked waterfall model to have all phases end with a Milestone and the back references represents verification and validation against baselines |
|
|
Term
|
Definition
| Evaluates the product against the specification |
|
|
Term
|
Definition
| Evaluates the product against the real world requirements |
|
|
Term
|
Definition
1)System Requirements
2)Software Requirements
3)Analysis
4)Program Design
5)Coding
6)Testing
7)Operations & Maintenance |
|
|
Term
|
Definition
-Developed in 1988 by Barry Boehm
-Incorporates the various phases of software development
-Broken out into Quadrants
-Cost is on the radial dimension (Y – Axis) |
|
|
Term
|
Definition
1)Lower Left – Developing Plans
2)Upper Left – Defines Objectives
3)Upper Right – Prototyping to identify risks
4)Lower Right – Final Development
5)Left Horizontal Axis represents major review to complete each full cycle |
|
|
Term
|
Definition
-Unit testing should be addressed when modules are designed
-Personnel separate from the developers should test
-Should include out of range situations
-Test cases should be used with known expected values |
|
|
Term
|
Definition
| BS 7799 – The discipline of identifying components of a continually evolving system for the purposes of controlling changes to those components maintaining integrity and traceability throughout the lifecycle. |
|
|
Term
| Configuration Management components |
|
Definition
-Configuration Item – component which is to be changed
-Version – recorded state of the configuration item
-Configuration – collection of component configuration
-Building – process of assembling a version
-Build List – set of version used to build configuration item
-Software Library – controlled area |
|
|
Term
| Configuration Identification |
|
Definition
| Identify and document the functional characteristics of configuration item |
|
|
Term
|
Definition
| Control changes to configuration items from software library, issuing versions |
|
|
Term
| Configuration Status Accounting |
|
Definition
| Record the processing of changes |
|
|
Term
|
Definition
| Control of the quality of configuration management |
|
|
Term
| Software Capability Maturity Model (CMM) |
|
Definition
| Quality of finished product is a component of the quality of the development process. Developed by the Software Engineering Group (SEI) in 1986 |
|
|
Term
|
Definition
| Level 1 of the CMM –– competent people, processes are informal and ad hoc |
|
|
Term
|
Definition
| Level 2 of the CMM –– has project management processes |
|
|
Term
|
Definition
| Level 3 of the CMM –– technical practices are integrated with management practices |
|
|
Term
|
Definition
| Level 4 of the CMM –– product and processes are quantitatively controlled |
|
|
Term
|
Definition
| Level 5 of the CMM – Continuous process improvement |
|
|
Term
|
Definition
| 1st phase of the IDEA Model –– begin formal process improvement effort |
|
|
Term
|
Definition
| 2nd phase of the IDEA Model –– Perform Assessment |
|
|
Term
|
Definition
| 3rd phase of the IDEAL Model ––prioritized action plan |
|
|
Term
|
Definition
| 4th phase of the IDEAL Model –– implement process improvement |
|
|
Term
|
Definition
| 5th phase of the IDEAL Model –– reassess and continuously improve |
|
|
Term
| Benefits of the IDEAL Model |
|
Definition
-Improved Software Quality
-Reduced Lifecycle
-More accurate scheduling
-Management visibility
-Proactive Planning and tracking |
|
|
Term
| Software Development Life Cycle phases |
|
Definition
1)System Feasibility
2)Software Plans & Requirements
3)Product Design
4)Detailed Design
5)Coding
6)Integration Product
7)Implementation
8)Operations & Maintenance |
|
|
Term
| Operations & Maintenance - sub processes (SDLC) |
|
Definition
1)Revalidate Security controls
2)Deliver changes
3)Conduct Penetration testing and vulnerability analysis
4)Evaluate conformance to SLA and validations
5)Manage Request for Changes
6)Update documentation, recertification
Implement change control |
|
|
Term
| Implmenetation - sub processes (SDLC) |
|
Definition
1)Install Security Software
2)Test Security Software
3)Run Systems
4)Complete Documentation, certification, and accreditation
5)Conduct Acceptance Testing |
|
|
Term
| Integration Product - sub processes (SDLC) |
|
Definition
1)Integrate Security Components
2)Refine Documentation
3)Test Integrated Modules
4)Conduct Security Related product verification |
|
|
Term
| Coding - sub processes (SDLC) |
|
Definition
1)Develop information security-related code
2)Support business continuity plan
3)Implement unit testing
4)Develop documentation
5)Incorporate other modules or units |
|
|
Term
| Detailed Design - sub processes (SDLC) |
|
Definition
1)Design Security Controls Commensurate with legal requirements
2)Detailed Documentation Design
3)Design Access Controls
4)Consider Business Continuity Issues
5)Employ Encryption
6)Finalize User GUI
7)Adapt Security Test Plans
8)Verification |
|
|
Term
| Product Design - sub processes (SDLC) |
|
Definition
1)Incorporate Security Specifications
2)Design Documentation
3)Adjust Test Plans and Data
4)Evaluate Encryption Options
5)Determine Access Controls
6)Verification |
|
|
Term
| Software Plans & Requirements - sub processes (SDLC) |
|
Definition
1)Threats
2)Legal Liabilities
3)Vulnerabilities
4)Cost/Benefit Analysis
5)Security Requirements
6)Level of Protection Desired
7)Reasonable Care
8)Develop Test Plans
9)Due Diligence
10)Validation |
|
|
Term
| System Feasibility - sub processes (SDLC) |
|
Definition
1)Information Security Policy
2)Legal Issues
3)Standards
4)Early Validation of concepts |
|
|
Term
|
Definition
-Group of independent objects, cooperate to provide system’s functionality
-Objects are encapsulated – can be viewed as a black box
-According to Booch, each object has a State, Behaviour, and Identity |
|
|
Term
|
Definition
| Communication to an object to carry out an operation. Object Oriented System |
|
|
Term
|
Definition
| The code that defines the action of the object in response to a message. Object Oriented System |
|
|
Term
|
Definition
| Results exhibited by an object in response to a message. Object Oriented System |
|
|
Term
|
Definition
| Collection of common objects. Object Oriented Systems |
|
|
Term
|
Definition
| Objects are instances of classes that contain their methods. Object Oriented Systems |
|
|
Term
|
Definition
| Objects are instances of classes that contain their methods. Object Oriented Systems |
|
|
Term
|
Definition
| Forwarding a request by an object to another object, no method to service the request itself. Object Oriented Systems |
|
|
Term
|
Definition
| The development of a new version of an object from another object replacing variables with other values. |
|
|
Term
|
Definition
| Objects of many different classes that are related by some common superclass; thus any object denoted by this name is able to respond to some common set of operations in a different way |
|
|
Term
| Object Oriented Requirements Analysis (OORA) |
|
Definition
| 1st phase of Object Orientation, defines classes of objects and interaction |
|
|
Term
| Object Oriented Analysis (OOA) |
|
Definition
| 2nd phase of Object Orientation, understanding and modeling a problem |
|
|
Term
|
Definition
| 3rd phase of Object Orientation, identify objects and classes common to all application |
|
|
Term
| Object Oriented Design (OOD) |
|
Definition
| 4th phase of Object Orientation, object is the basic unit of modularity |
|
|
Term
| Object Oriented Programming (OOP) |
|
Definition
| 5th phase of Object Orientation, emphasizes employment of objects in programming |
|
|
Term
|
Definition
-Objects made available to users across networks.
-ORBs are middleware because they reside between two other entities
-Establishes client/server relationship between objects |
|
|
Term
| Common Object Request Broker (CORBA) Architecture |
|
Definition
-Developed by Object Management Group (OMG)
-Defines industry standard enabling different programs on different platforms to communicate |
|
|
Term
| Common Object Model (COM) |
|
Definition
-Formerly known as Object Linking and Embedding (OLE)
-Support exchange of objects between programs |
|
|
Term
| Distributed Common Object Model (DCOM) |
|
Definition
| Support exchange of objects across networks |
|
|
Term
| Object Oriented Languages |
|
Definition
- Simula 67 – first Object Oriented Language
- C++
- Smalltalk |
|
|
Term
| Artificial Intelligence Systems |
|
Definition
-Using software and hardware to solve problems
-Two Types of AI: (Expert Systems, and Neural Networks) |
|
|
Term
|
Definition
- Exhibits reasoning similar to that of a human
- Builds knowledge base (in the form of If-Then statements) of the domain to be addressed in the form of rules and an inference mechanism to determine if the rules have been satisfied by system input
- Contains an Inference engine and knowledge base
- Knowledge Base - contains facts and rules |
|
|
Term
|
Definition
| Compares information acquired to the knowledge base |
|
|
Term
| Fuzzy Logic (addresses uncertainties) |
|
Definition
-Degrees of uncertainty whether something is true or false
-Fuzzification – apply membership function to input variable to determine degree of truth
-Inference – truth value applied to conclusion of each rule
-Composition – all subsets combined
-Defuzzification – convert fuzzy subset to a number |
|
|
Term
|
Definition
-Can be used to build expert system
-Acquisition of Knowledge is key
-Is a meta-model that incorporates a number of the software development models.
-Verification and validation – concerned with inconsistencies and conflicting rules |
|
|
Term
|
Definition
1)Analysis
2)Specification
3)Development
4)Deployment |
|
|
Term
|
Definition
-Based on functioning of biological neurons
-Neurons, signals are exchanged among neurons through electrical pulses traveling along an axon
-Electrical pulse arrives at a neuron at points called synapses
-Output = Input1*Weight1 + Input2*Weight2
-Summation of inputs with dynamic weights assigned to them
-One summing node is called a single-layer network
-Multiple summing nodes is a multi-layer network
-Training develops the weights
-Neural networks can be trained to give the correct response for each input. |
|
|
Term
|
Definition
| Can be used to define, store and manipulate data without writing specific programs to perform these functions. |
|
|
Term
|
Definition
1)Hierarchical
2)Mesh
3)Object-Oriented
4)Relational |
|
|
Term
|
Definition
| Act of obtaining information of higher sensitivity by combining information from lower levels of sensitivity |
|
|
Term
|
Definition
| Ability of users to infer or deduce info about data at sensitivity levels for which they do not have access. A link that enables an inference to occur is called an inference channel. |
|
|
Term
| Open Database Connectivity (ODBC) |
|
Definition
| Developed by Microsoft must be controlled. |
|
|
Term
|
Definition
-Repository of information from heterogeneous databases that is available for users to make queries.
-Data is normalized and redundant data is removed.
-Can be applied to audit logs and other info to find system anomalies |
|
|
Term
|
Definition
| Objective is to find relationships that were unknown up until now among data in warehouse. Searching for correlations |
|
|
Term
|
Definition
| Correlations or data about data |
|
|
Term
|
Definition
| Metadata is not stored in data warehouse. Metadata usually stored in a separate system. |
|
|
Term
|
Definition
-Database system for developers
-Records all data structures used by an application |
|
|
Term
| Preventative Application Control Types |
|
Definition
1)Accuracy - Data Checks, custom screens, validity checks, contingency planning and backups
2)Security - Firewalls, reference monitors, sensitivity labels, traffic padding, encryption, data classification, one-time passwords, separate test and development environments
3)Data Dictionary, programming standards, DBMS |
|
|
Term
| Detective Application Control Types |
|
Definition
1)Cyclic redundancy checks, structured walk throughs, hash totals, reasonableness checks
2)IDS, and audit trails
3)Comparison tools, relationship tests, reconciliation controls |
|
|
Term
| Corrective Application Control Types |
|
Definition
1)Accuracy - Backups, control reports, before and after imaging reports, checkpoint restarts
2)Emergency response, and reference monitor
3)Programs comments, database controls |
|
|
Term
| Application Control Types |
|
Definition
1)Preventative
2)Detective
3)Corrective |
|
|
Term
|
Definition
| Guarantees the level and quality of service |
|
|
Term
|
Definition
-Turn around times
-Average response times
-Number of on-line users
-System utilization rates
-System up times
-Volume of transactions
-Production problems |
|
|
Term
|
Definition
-Pose special challenges to security
-Security for distributed systems should include:
1.Access control
2.Identification
3.Authentication
4.Intrusion detection
5.Emergency response
6.Logs
7.Audit trails |
|
|
Term
|
Definition
| Type of distributed system |
|
|
Term
|
Definition
| Surrogate program performs services on behalf of another |
|
|
Term
|
Definition
| Acts on behalf of principal but may hide the principal |
|
|
Term
|
Definition
-Small applications in Java or C++, mobile code
-Can be downloaded from the web into a web browser.
-Can execute in the network browser |
|
|
Term
|
Definition
-Designed to run on constrained space
-An object-oriented, distributed, interpreted (not compiled), architecture-neutral, multithreaded, general purpose programming language |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Executes one line at a time, run-time biding |
|
|
Term
|
Definition
| Translated into machine code, binding at compile time |
|
|
Term
|
Definition
-Can download mobile code in BASIC and C++
-Establishes trust between client and server with digital certificates |
|
|
Term
|
Definition
| Observes the system external behavior. |
|
|
Term
|
Definition
| Detailed exam of a logical path, checking the possible conditions. |
|
|
Term
|
Definition
| Poses more risk than interpreted code because malicious code can be embedded in the compiled code and can be difficult to detect |
|
|
Term
|
Definition
| The verification that what is being installed does not affect any portion of the application system already installed. It generally requires the support of automated process to repeat |
|
|
Term
|
Definition
| Normally used to identify the parts of the source code that have changed. |
|
|
Term
|
Definition
| Aimed at finding bugs in the relationship and interfaces between pairs of components. It does not normally test all functions. |
|
|
Term
|
Definition
| The testing of a piece of code. It will only detect errors in the piece of code being tested. |
|
|
Term
| Malicious Mobile Code Defenses |
|
Definition
-Configure firewall to screen applets
-Configure Web Browser to restrict or prevent applets
-Configure Web Browser to restrict or prevent applets from trusted servers
-Provide user awareness training on mobile code threats |
|
|
Term
|
Definition
-Lightweight programming technique
-Very few processes
-Minimal documentation
-Iterative
-self-organizing
-incremental
-emergence |
|
|
