SSCP : System Security Certified Practitioner (SSCP) : Part 52

  1. Which of the following should NOT be performed by an operator?

    • Implementing the initial program load
    • Monitoring execution of the system
    • Data entry
    • Controlling job flow

    Explanation:

    Under the principle of separation of duties, an operator should not be performing data entry. This should be left to data entry personnel.

    System operators represent a class of users typically found in data center environments where mainframe systems are used. They provide day-to-day operations of the mainframe environment, ensuring that scheduled jobs are running effectively and troubleshooting problems that may arise. They also act as the arms and legs of the mainframe environment, loading and unloading tapes and handling the output of job print runs. Operators have elevated privileges, but less than those of system administrators. If misused, these privileges may be used to circumvent the system’s security policy. As such, use of these privileges should be monitored through audit logs.

    Some of the privileges and responsibilities assigned to operators include:

    Implementing the initial program load: This is used to start the operating system. The boot process or initial program load of a system is a critical time for ensuring system security. Interruptions to this process may reduce the integrity of the system or cause the system to crash, precluding its availability.

    Monitoring execution of the system: Operators respond to various events, to include errors, interruptions, and job completion messages.

    Volume mounting: This allows the desired application access to the system and its data.

    Controlling job flow: Operators can initiate, pause, or terminate programs. This may allow an operator to affect the scheduling of jobs. Controlling job flow involves the manipulation of configuration information needed by the system. Operators with the ability to control a job or application can cause output to be altered or diverted, which can threaten confidentiality.

    Bypass label processing: This allows the operator to bypass security label information in order to run foreign tapes (tapes from a different data center that do not use the label format the system expects). This privilege should be strictly controlled to prevent unauthorized access.

    Renaming and relabeling resources: This is sometimes necessary in the mainframe environment to allow programs to properly execute. Use of this privilege should be monitored, as it can allow the unauthorized viewing of sensitive information.

    Reassignment of ports and lines: Operators are allowed to reassign ports or lines. If misused, reassignment can cause program errors, such as sending sensitive output to an unsecured location. Furthermore, an incidental port may be opened, subjecting the system to an attack through the creation of a new entry point into the system.

    Reference(s) used for this question:
    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 19367-19395). Auerbach Publications. Kindle Edition.

    Which of the following should be performed by an operator?

    A. Changing profiles
    B. Approving changes
    C. Adding and removal of users
    D. Installing system software

    Answer: D
    Of the listed tasks, installing system software is the only task that should normally be performed by an operator in a properly segregated environment.
    Source: MOSHER, Richard & ROTHKE, Ben, CISSP CBK Review presentation on domain 7.

  2. Which of the following is NOT a common integrity goal?

    • Prevent unauthorized users from making modifications.
    • Maintain internal and external consistency.
    • Prevent authorized users from making improper modifications.
    • Prevent paths that could lead to inappropriate disclosure.
    Explanation:

    Inappropriate disclosure is a confidentiality, not an integrity goal.
    All of the other choices above are integrity goals addressed by the Clark-Wilson integrity model.

    The Clark-Wilson model is an integrity model that addresses all three integrity goals:

    1. prevent unauthorized users from making modifications,
    2. prevent authorized users from making improper modifications, and
    3. maintain internal and external consistency through auditing.

    NOTE: Biba addresses only the first of the integrity goals above.

    Reference(s) used for this question:
    Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1384). McGraw-Hill. Kindle Edition.
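    The three goals above, enforced by a toy Clark-Wilson system in Python. This is an added example, not code from the referenced texts; the ledger CDIs, the transformation procedures, the users and the access triples are all constructed.

```python
"""Toy Clark-Wilson integrity enforcement (added illustration, not from the
referenced texts). Constrained data items (CDIs) may only be changed through
transformation procedures (TPs), a user may run a TP on a CDI only if an
access triple (user, TP, CDI) allows it, and an integrity verification
procedure (IVP) checks that the CDIs are still consistent after each TP.
The accounts, TPs, users and triples below are constructed sample data."""

from dataclasses import dataclass, field


class IntegrityViolation(Exception):
    """Raised when a TP is run by an unauthorised user or breaks an invariant."""


@dataclass
class ClarkWilsonSystem:
    # CDIs: a tiny two-account ledger. Internal consistency means no balance is
    # negative and the balances always sum to the opening total.
    cdis: dict = field(default_factory=lambda: {"acct_a": 100, "acct_b": 50})
    opening_total: int = 150
    # Access triples (user, TP name, CDI): only alice may run "transfer".
    triples: set = field(default_factory=lambda: {
        ("alice", "transfer", "acct_a"),
        ("alice", "transfer", "acct_b"),
    })
    audit_log: list = field(default_factory=list)  # goal 3: auditing

    def ivp(self) -> bool:
        """Integrity verification procedure: are the CDIs in a valid state?"""
        return (all(v >= 0 for v in self.cdis.values())
                and sum(self.cdis.values()) == self.opening_total)

    def _authorised(self, user, tp_name, affected):
        return all((user, tp_name, cdi) in self.triples for cdi in affected)

    def run_tp(self, user, tp_name, tp, affected):
        """Run `tp` on the CDIs named in `affected` on behalf of `user`."""
        # Goal 1: unauthorised users cannot make modifications at all.
        if not self._authorised(user, tp_name, affected):
            self.audit_log.append((user, tp_name, "denied: no access triple"))
            raise IntegrityViolation(f"{user} may not run {tp_name} on {affected}")
        snapshot = dict(self.cdis)
        tp(self.cdis)
        # Goal 2: authorised users cannot make improper modifications; if the
        # IVP fails afterwards the change is rolled back and logged.
        if not self.ivp():
            self.cdis = snapshot
            self.audit_log.append((user, tp_name, "rolled back: IVP failed"))
            raise IntegrityViolation(f"{tp_name} by {user} left CDIs inconsistent")
        self.audit_log.append((user, tp_name, "committed"))


def transfer(amount):
    """Well-formed TP: move `amount` from acct_a to acct_b."""
    def tp(cdis):
        cdis["acct_a"] -= amount
        cdis["acct_b"] += amount
    return tp


def skim(amount):
    """Improper TP: credits acct_b without a matching debit (creates money)."""
    def tp(cdis):
        cdis["acct_b"] += amount
    return tp


def demo():
    cw = ClarkWilsonSystem()
    results = {}
    cw.run_tp("alice", "transfer", transfer(30), ("acct_a", "acct_b"))
    results["after_transfer"] = dict(cw.cdis)
    try:  # mallory has no access triple (goal 1)
        cw.run_tp("mallory", "transfer", transfer(10), ("acct_a", "acct_b"))
    except IntegrityViolation:
        results["mallory_blocked"] = True
    try:  # alice is authorised, but the change breaks consistency (goal 2)
        cw.run_tp("alice", "transfer", skim(10), ("acct_a", "acct_b"))
    except IntegrityViolation:
        results["skim_rolled_back"] = dict(cw.cdis) == results["after_transfer"]
    try:  # an overdraw also fails the IVP and is rolled back
        cw.run_tp("alice", "transfer", transfer(500), ("acct_a", "acct_b"))
    except IntegrityViolation:
        results["overdraw_rolled_back"] = dict(cw.cdis) == results["after_transfer"]
    results["audit"] = list(cw.audit_log)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```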

  3. When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?

    • Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
    • Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
    • They both involve rewriting the media.
    • Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
    Explanation:

    The removal of information from a storage medium is called sanitization. Different kinds of sanitization provide different levels of protection. A distinction can be made between clearing information (rendering it unrecoverable by a keyboard attack) and purging (rendering it unrecoverable against laboratory attack).

    There are three general methods of purging media: overwriting, degaussing, and destruction.

    There should be continuous assurance that sensitive information is protected and not allowed to be placed in a circumstance wherein a possible compromise can occur. There are two primary levels of threat that the protector of information must guard against: keyboard attack (information scavenging through system software capabilities) and laboratory attack (information scavenging through laboratory means). Procedures should be implemented to address these threats before the Automated Information System (AIS) is procured, and the procedures should be continued throughout the life cycle of the AIS.

    Reference(s) used for this question:
    SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996 (page 26).

    and
    A guide to understanding Data Remanence in Automated Information Systems

  4. Which of the following statements pertaining to a security policy is incorrect?

    • Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets.
    • It specifies how hardware and software should be used throughout the organization.
    • It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective.
    • It must be flexible to the changing environment.
    Explanation:

    A security policy would NOT define how hardware and software should be used throughout the organization. A standard or a procedure would provide such details but not a policy.
    A security policy is a formal statement of the rules that people who are given access to an organization’s technology and information assets must abide by. The policy communicates the security goals to all of the users, the administrators, and the managers. The goals will be largely determined by the following key tradeoffs: services offered versus security provided, ease of use versus security, and cost of security versus risk of loss.

    The main purpose of a security policy is to inform the users, the administrators and the managers of their obligatory requirements for protecting technology and information assets.

    The policy should specify the mechanisms through which these requirements can be met. Another purpose is to provide a baseline from which to acquire, configure and audit computer systems and networks for compliance with the policy. In order for a security policy to be appropriate and effective, it needs to have the acceptance and support of all levels of employees within the organization. A good security policy must:

    • Be able to be implemented through system administration procedures, publishing of acceptable use guidelines, or other appropriate methods
    • Be able to be enforced with security tools, where appropriate, and with sanctions, where actual prevention is not technically feasible
    • Clearly define the areas of responsibility for the users, the administrators, and the managers
    • Be communicated to all once it is established
    • Be flexible to the changing environment of a computer network since it is a living document

    Reference(s) used for this question:

    National Security Agency, Systems and Network Attack Center (SNAC), The 60 Minute Network Security Guide, February 2002, page 7.
    or
    A local copy is kept at:
    https://www.freepracticetests.org/documents/The%2060%20Minute%20Network%20Security%20Guide.pdf

  5. Which software development model is actually a meta-model that incorporates a number of the software development models?

    • The Waterfall model
    • The modified Waterfall model
    • The Spiral model
    • The Critical Path Model (CPM)
    Explanation:
    The spiral model is actually a meta-model that incorporates a number of the software development models. This model depicts a spiral that incorporates the various phases of software development. The model states that each cycle of the spiral involves the same series of steps for each part of the project. CPM refers to the Critical Path Methodology.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 246).

  6. Which of the following is used in database information security to hide information?

    • Inheritance
    • Polyinstantiation
    • Polymorphism
    • Delegation
    Explanation:
    Polyinstantiation enables a relation to contain multiple tuples with the same primary keys with each instance distinguished by a security level. When this information is inserted into a database, lower-level subjects need to be restricted from this information. Instead of just restricting access, another set of data is created to fool the lower-level subjects into thinking that the information actually means something else.
    Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 11: Application and System Development (page 727).
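    Polyinstantiation as described above, demonstrated with Python's sqlite3 module. This is an added example, not from the referenced book; the shipments table, the level lattice and the sample rows are constructed.

```python
"""Polyinstantiation in a multilevel-secure table, shown with sqlite3.
Added illustration, not from the referenced text; the shipments table, the
level ordering and the rows are constructed sample data.

The primary key is (name, level), so the same logical row can exist once per
security level. A subject sees the instance at the highest level it is cleared
for, so a low subject sees the cover story and cannot tell that a higher
instance exists."""

import sqlite3

# Constructed ordering of security levels, lowest first.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE shipments (
            name  TEXT NOT NULL,
            level TEXT NOT NULL,
            cargo TEXT NOT NULL,
            PRIMARY KEY (name, level)   -- polyinstantiated: one row per level
        )""")
    return conn


def insert(conn, subject_level, name, cargo):
    """A subject writes at its own level. Inserting a name that already exists
    at a different level creates a new instance instead of failing, so a low
    subject gets no key-clash error that would reveal the hidden row."""
    conn.execute("INSERT OR REPLACE INTO shipments VALUES (?, ?, ?)",
                 (name, subject_level, cargo))


def visible_rows(conn, subject_level):
    """Rows as seen by a subject: for each name, the single instance at the
    highest level dominated by the subject's clearance."""
    allowed = [lvl for lvl in LEVELS if RANK[lvl] <= RANK[subject_level]]
    placeholders = ",".join("?" * len(allowed))
    cur = conn.execute(f"""
        SELECT name, level, cargo FROM shipments
        WHERE level IN ({placeholders})
        ORDER BY name""", allowed)
    best = {}
    for name, level, cargo in cur:
        if name not in best or RANK[level] > RANK[best[name][0]]:
            best[name] = (level, cargo)
    return {name: cargo for name, (level, cargo) in sorted(best.items())}


def demo():
    conn = build_db()
    # A SECRET subject records the real cargo.
    insert(conn, "SECRET", "SS Meridian", "missiles")
    # An UNCLASSIFIED subject later inserts the same key. Without
    # polyinstantiation the key clash would reveal that a hidden row exists;
    # here it simply creates the low-level instance (the cover story).
    insert(conn, "UNCLASSIFIED", "SS Meridian", "grain")
    insert(conn, "UNCLASSIFIED", "SS Harbor", "timber")
    return {lvl: visible_rows(conn, lvl) for lvl in LEVELS}


if __name__ == "__main__":
    for lvl, rows in demo().items():
        print(lvl, rows)
```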
  7. Which expert system operating mode allows determining if a given hypothesis is valid?

    • Blackboard
    • Lateral chaining
    • Forward chaining
    • Backward chaining
    Explanation:

    Backward-chaining mode – the expert system backtracks to determine if a given hypothesis is valid. Backward-chaining is generally used when there are a large number of possible solutions relative to the number of inputs.

    Incorrect answers are:
    In a forward-chaining mode, the expert system acquires information and comes to a conclusion based on that information. Forward-chaining is the reasoning approach that can be used when there is a small number of solutions relative to the number of inputs.

    Blackboard is an expert system-reasoning methodology in which a solution is generated by the use of a virtual blackboard, wherein information or potential solutions are placed on the blackboard by a plurality of individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative process, a solution is generated.

    Lateral-chaining mode – No such expert system mode.
    Sources:

    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 259).
    KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Expert Systems (page 354).

  8. Why does compiled code pose more of a security risk than interpreted code?

    • Because malicious code can be embedded in compiled code and be difficult to detect.
    • If the executed compiled code fails, there is a chance it will fail insecurely.
    • Because compilers are not reliable.
    • There is no risk difference between interpreted code and compiled code.
    Explanation:

    From a security standpoint, a compiled program is less desirable than an interpreted one because malicious code can be resident somewhere in the compiled code, and it is difficult to detect in a very large program.

    Incorrect answers:

    There is a risk difference between interpreted code and compiled code.

    Compilers are reliable.
    The risk of a program failing insecurely is not the result of compiled or interpreted code.

    Sources:
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 263).
    KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 2: Security Architecture and Models, Software (page 258).

  9. What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?

    • A fail safe system
    • A fail soft system
    • A fault-tolerant system
    • A failover system
    Explanation:
    A fault-tolerant system is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it. In a fail-safe system, program execution is terminated, and the system is protected from being compromised when a hardware or software failure occurs and is detected. In a fail-soft system, when a hardware or software failure occurs and is detected, selected, non-critical processing is terminated. The term failover refers to switching to a duplicate “hot” backup component in real-time when a hardware or software failure occurs, enabling processing to continue.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 196).

  10. What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?

    • The reference monitor
    • Protection rings
    • A security kernel
    • A protection domain
    Explanation:
    A security kernel is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept. A reference monitor is a system component that enforces access controls on an object. A protection domain consists of the execution and memory space assigned to each process. The use of protection rings is a scheme that supports multiple protection domains.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 194).

  11. Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?

    • Pipelining
    • Reduced Instruction Set Computers (RISC)
    • Complex Instruction Set Computers (CISC)
    • Scalar processors
    Explanation:
    Complex Instruction Set Computer (CISC) uses instructions that perform many operations per instruction. It was based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle. Therefore, by packing more operations into an instruction, the number of fetches could be reduced. Pipelining involves overlapping the steps of different instructions to increase the performance in a computer. Reduced Instruction Set Computers (RISC) involve simpler instructions that require fewer clock cycles to execute. Scalar processors are processors that execute one instruction at a time.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 188).

  12. What is used to protect programs from all unauthorized modification or executional interference?

    • A protection domain
    • A security perimeter
    • Security labels
    • Abstraction
    Explanation:
    A protection domain consists of the execution and memory space assigned to each process. The purpose of establishing a protection domain is to protect programs from all unauthorized modification or executional interference. The security perimeter is the boundary that separates the Trusted Computing Base (TCB) from the remainder of the system. Security labels are assigned to resources to denote a type of classification. Abstraction protects resources by viewing system components at a high level and ignoring their specific details, thus performing information hiding.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 193).

  13. Which of the following statements pertaining to software testing approaches is correct?

    • A bottom-up approach allows interface errors to be detected earlier.
    • A top-down approach allows errors in critical modules to be detected earlier.
    • The test plan and results should be retained as part of the system’s permanent documentation.
    • Black box testing is predicated on a close examination of procedural detail.
    Explanation:

    A bottom-up approach to testing begins testing of atomic units, such as programs or modules, and works upwards until a complete system testing has taken place. It allows errors in critical modules to be found early. A top-down approach allows for early detection of interface errors and raises confidence in the system, as programmers and users actually see a working system. White box testing is predicated on a close examination of procedural detail. Black box testing examines some aspect of the system with little regard for the internal logical structure of the software.
    Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300).

    Top Down Testing: An approach to integration testing where the component at the top of the component hierarchy is tested first, with lower level components being simulated by stubs. Tested components are then used to test lower level components. The process is repeated until the lowest level components have been tested.

    Bottom Up Testing: An approach to integration testing where the lowest level components are tested first, then used to facilitate the testing of higher level components. The process is repeated until the component at the top of the hierarchy is tested.

    Black Box Testing: Testing based on an analysis of the specification of a piece of software without reference to its internal workings. The goal is to test how well the component conforms to the published requirements for the component.

  14. Which of the following tests makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?

    • Recovery testing
    • Security testing
    • Stress/volume testing
    • Interface testing
    Explanation:

    Security testing makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems.

    Recovery testing checks the system’s ability to recover after a software or hardware failure.

    Stress/volume testing involves testing an application with large quantities of data in order to evaluate performance during peak hours.

    Interface testing evaluates the connection of two or more components that pass information from one area to another.

    Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300).

  15. Which of the following statements pertaining to software testing is incorrect?

    • Unit testing should be addressed and considered when the modules are being designed.
    • Test data should be part of the specifications.
    • Testing should be performed with live data to cover all possible situations.
    • Test data generators can be used to systematically generate random test data that can be used to test programs.
    Explanation:

    Live or actual field data is not recommended for use in the testing procedures because both data types may not cover out of range situations and the correct outputs of the test are unknown. Live data would not be the best data to use because of the lack of anomalies and also because of the risk of exposure to your live data.

    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 251).

  16. Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors?

    • Unit testing
    • Pilot testing
    • Regression testing
    • Parallel testing
    Explanation:
    Regression testing is the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors. The data used in regression testing should be the same as the data used in the original test. Unit testing refers to the testing of an individual program or module. Pilot testing is a preliminary test that focuses only on specific and predetermined aspects of a system. Parallel testing is the process of feeding test data into two systems and comparing the results.
    Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300).

  17. Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product?

    • Estimating the cost of the changes requested
    • Recreating and analyzing the problem
    • Determining the interface that is presented to the user
    • Establishing the priorities of requests
    Explanation:
    The change control sub-phase includes recreating and analyzing the problem, determining the interface that is presented to the user, and establishing the priorities of requests.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252).

  18. What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?

    • Polyinstantiation
    • Inference
    • Aggregation
    • Data mining
    Explanation:

    Aggregation is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity.

    The incorrect answers are:

    Polyinstantiation is the development of a detailed version of an object from another object using different values in the new object.

    Inference is the ability of users to infer or deduce information about data at sensitivity levels for which they do not have access privilege.

    Data mining refers to searching through a data warehouse for data correlations.

    Sources:

    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 261).
    KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Database Security Issues (page 358).

  19. Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?

    • Implementation
    • System feasibility
    • Product design
    • Software plans and requirements
    Explanation:

    The software plans and requirements phase addresses threats, vulnerabilities, security requirements, reasonable care, due diligence, legal liabilities, cost/benefit analysis, level of protection desired, test plans.

    Implementation is incorrect because it deals with installing security software, running the system, acceptance testing, security software testing, and complete documentation certification and accreditation (where necessary).

    System Feasibility is incorrect because it deals with information security policy, standards, legal issues, and the early validation of concepts.

    Product design is incorrect because it deals with incorporating security specifications, adjusting test plans and data, determining access controls, design documentation, evaluating encryption options, and verification.

    Sources:

    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252).
    KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Security Life Cycle Components, Figure 7.5 (page 346).

  20. Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options?

    • Detailed design
    • Implementation
    • Product design
    • Software plans and requirements
    Explanation:

    The Product design phase deals with incorporating security specifications, adjusting test plans and data, determining access controls, design documentation, evaluating encryption options, and verification.

    Implementation is incorrect because it deals with installing security software, running the system, acceptance testing, security software testing, and complete documentation certification and accreditation (where necessary).

    Detailed design is incorrect because it deals with information security policy, standards, legal issues, and the early validation of concepts.
    Software plans and requirements is incorrect because it deals with addressing threats, vulnerabilities, security requirements, reasonable care, due diligence, legal liabilities, cost/benefit analysis, level of protection desired, and test plans.

    Sources:

    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252).
    KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Security Life Cycle Components, Figure 7.5 (page 346).

    At which of the basic phases of the System Development Life Cycle are security requirements formalized?

    A. Disposal
    B. System Design Specifications
    C. Development and Implementation
    D. Functional Requirements Definition

    Answer: D
    During the Functional Requirements Definition the project management and systems development teams will conduct a comprehensive analysis of current and possible future functional requirements to ensure that the new system will meet end-user needs. The teams also review the documents from the project initiation phase and make any revisions or updates as needed. For smaller projects, this phase is often subsumed in the project initiation phase. At this point security requirements should be formalized.

    The Development Life Cycle is a project management tool that can be used to plan, execute, and control a software development project usually called the Systems Development Life Cycle (SDLC).

    The SDLC is a process that includes systems analysts, software engineers, programmers, and end users in the project design and development. Because there is no industry-wide SDLC, an organization can use any one, or a combination of SDLC methods.

    The SDLC simply provides a framework for the phases of a software development project from defining the functional requirements to implementation. Regardless of the method used, the SDLC outlines the essential phases, which can be shown together or as separate elements. The model chosen should be based on the project.

    For example, some models work better with long-term, complex projects, while others are more suited for short-term projects. The key element is that a formalized SDLC is utilized.

    The number of phases can range from three basic phases (concept, design, and implement) on up.

    The basic phases of SDLC are:

    Project initiation and planning
    Functional requirements definition
    System design specifications
    Development and implementation
    Documentation and common program controls
    Testing and evaluation control, (certification and accreditation)
    Transition to production (implementation)

    The system life cycle (SLC) extends beyond the SDLC to include two additional phases:

    Operations and maintenance support (post-installation)
    Revisions and system replacement

    System Design Specifications
    This phase includes all activities related to designing the system and software. In this phase, the system architecture, system outputs, and system interfaces are designed. Data input, data flow, and output requirements are established and security features are designed, generally based on the overall security architecture for the company.

    Development and Implementation
    During this phase, the source code is generated, test scenarios and test cases are developed, unit and integration testing is conducted, and the program and system are documented for maintenance and for turnover to acceptance testing and production. As well as general care for software quality, reliability, and consistency of operation, particular care should be taken to ensure that the code is analyzed to eliminate common vulnerabilities that might lead to security exploits and other risks.

    Documentation and Common Program Controls
    These are controls used when editing the data within the program, the types of logging the program should be doing, and how the program versions should be stored. A large number of such controls may be needed; see the reference below for a full list of controls.

    Acceptance
    In the acceptance phase, preferably an independent group develops test data and tests the code to ensure that it will function within the organization’s environment and that it meets all the functional and security requirements. It is essential that an independent group test the code during all applicable stages of development to prevent a separation of duties issue. The goal of security testing is to ensure that the application meets its security requirements and specifications. The security testing should uncover all design and implementation flaws that would allow a user to violate the software security policy and requirements. To ensure test validity, the application should be tested in an environment that simulates the production environment. This should include a security certification package and any user documentation.

    Certification and Accreditation (Security Authorization)
    Certification is the process of evaluating the security stance of the software or system against a predetermined set of security standards or policies. Certification also examines how well the system performs its intended functional requirements. The certification or evaluation document should contain an analysis of the technical and nontechnical security features and countermeasures and the extent to which the software or system meets the security requirements for its mission and operational environment.

    Transition to Production (Implementation)
    During this phase, the new system is transitioned from the acceptance phase into the live production environment. Activities during this phase include obtaining security accreditation; training the new users according to the implementation and training schedules; implementing the system, including installation and data conversions; and, if necessary, conducting any parallel operations.

    Revisions and System Replacement
    As systems are in production mode, the hardware and software baselines should be subject to periodic evaluations and audits. In some instances, problems with the application may not be defects or flaws, but rather additional functions not currently developed in the application. Any changes to the application must follow the same SDLC and be recorded in a change management system. Revision reviews should include security planning and procedures to avoid future problems. Periodic application audits should be conducted and include documenting security incidents when problems occur. Documenting system failures is a valuable resource for justifying future system enhancements.

    Below you have the phases used by NIST in its SP 800-64 Revision 2 document.

    As noted above, the phases will vary from one document to another one. For the purpose of the exam use the list provided in the official ISC2 Study book which is presented in short form above. Refer to the book for a more detailed description of activities at each of the phases of the SDLC.

    However, all references have very similar steps being used. As mentioned in the official book, it could be as simple as three phases in its most basic version (concept, design, and implement) or a lot more in more detailed versions of the SDLC.
    The key thing is to make use of an SDLC.

    [Figure: SDLC phases]

    Reference(s) used for this question:

    NIST SP 800-64 Revision 2 at http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf
    and
    Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Software Development Security ((ISC)2 Press) (Kindle Locations 134-157). Auerbach Publications. Kindle Edition.
