Friday, August 8, 2014

Information Security:

Legal
Five rules of evidence:
Be authentic, be accurate, be complete, be convincing, and be admissible.

Phases of an incident response:
a. Documentation
b. Containment
c. Investigation

The abstract concepts of law influenced by the writings of legal scholars and academics ... Civil/tort law

Intellectual property covers the expression of ideas rather than the ideas themselves ......Copyright

Intellectual property protects the goodwill a merchant or vendor invests in its products....Trademark

Like incident response, computer forensics is modeled by various computer forensics guidelines:
International Organization of Computer Evidence (IOCE), Scientific Working Group on Digital Evidence (SWGDE), Association of Chief Police Officers (ACPO). These guidelines formalize the computer forensic processes by breaking them into numerous phases or steps.

Categories of software licensing:
a. Freeware
b. Commercial
c. Academic
d. Shareware

Within these categories, there are specific types of agreements. Master agreements and end-user licensing agreements (EULAs) are the most prevalent.

Incident response: triage encompasses the sub-phases:
Detection, identification, notification

Integrity of a forensic bit stream image is often determined by comparing hash totals to the original source.

Ensuring the authenticity and integrity of evidence is critical. If the courts feel the evidence or its copies are not accurate or lack integrity, it is doubtful that the evidence or any information derived from the evidence will be admissible. The current protocol for demonstrating authenticity and integrity relies on hash functions that create unique numerical signatures that are sensitive to any bit changes. Currently, if these signatures match the original or have not changed since the original collection, the courts will accept that integrity has been established.
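The hash comparison described above, as an added example that is not part of the original notes: it hashes an image in one streaming pass with two algorithms, compares the result against the values recorded at acquisition, and shows that a single flipped bit breaks the match. The function names, the file name `evidence.dd` and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so multi-GB images never sit in RAM


def hash_image(path, algorithms=("sha1", "sha256")):
    """Return {algorithm: hexdigest} for the file, computed in a single pass."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def verify_image(path, recorded):
    """Compare a working copy against the hashes recorded at acquisition.

    Returns (ok, mismatches); ok is True only if every recorded hash matches.
    """
    current = hash_image(path, tuple(recorded))
    mismatches = [name for name, want in recorded.items()
                  if not hmac.compare_digest(current[name], want.lower())]
    return (not mismatches, mismatches)


def demo():
    """Constructed sample: a 4 KiB stand-in image, then the same file with one bit flipped."""
    original = bytes(range(256)) * 16
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "evidence.dd")  # hypothetical file name
        with open(src, "wb") as fh:
            fh.write(original)
        recorded = hash_image(src)  # values noted at the time of collection
        intact = verify_image(src, recorded)

        altered_bytes = bytearray(original)
        altered_bytes[100] ^= 0x01  # flip a single bit
        with open(src, "wb") as fh:
            fh.write(bytes(altered_bytes))
        altered = verify_image(src, recorded)
    return intact, altered


if __name__ == "__main__":
    print(demo())
```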

When dealing with digital evidence: 
The crime scene: Must have the least amount of contamination that is possible

Given the importance of the evidence that is available at a crime scene, the ability to deal with a scene in a manner that minimizes the amount of disruption, contamination, or destruction of evidence is essential. Once a scene has been contaminated, there is no undo or redo button to push; the damage is done.

Categories of inappropriate activities:
Loss incurred unintentionally through the lack of operator training ... accidental loss
Theft of information or trade secrets for profit or unauthorized disclosure ... intentionally illegal computer activity
Data scavenging through the resources available to normal system users ... keyboard attack
Computer behavior that might be grounds for a job action or dismissal ... inappropriate computer activities

Maintenance accounts as a threat to operations controls:
Maintenance accounts are commonly used by hackers to access network devices.

To guarantee that transaction records are retained in accordance with (IAW) compliance requirements ... record retention

A weakness in a system that could be exploited ....vulnerability
A company resource that could be lost due to an incident...asset
The minimization of loss associated with an incident ...risk management
A potential incident that could cause harm......threat

Highest level of operator privilege ... Access Change

Object-oriented system:

An object-oriented system is a group of independent objects that can be requested to perform certain operations or exhibit specific behaviors. These objects cooperate to provide the system's required functionality. The objects have an identity and can be created as the program executes (dynamic lifetime).

To provide the desired characteristics of object-oriented systems, the objects are encapsulated, i.e., they can only be accessed through messages sent to them to request performance of their defined operations. The object can be viewed as a "black box" whose internal details are hidden from outside observation and cannot normally be modified. Objects also exhibit the substitution property, which means that objects providing compatible operations can be substituted for each other.

In summary, an object-oriented system contains objects that exhibit the following properties:
Identity: each object has a name that is used to designate that object.
Encapsulation: an object can only be accessed through messages to perform its defined operations.
Substitution: objects that perform compatible operations can be substituted for each other.
Dynamic lifetimes: objects can be created as the program executes.

Functional programming uses only mathematical functions to perform computations and solve problems. This approach is based on the assumption that any algorithm can be described as a mathematical function. Functional languages have the following characteristics:
1. They support functions and allow them to be manipulated by being passed as arguments and stored in data structures.
2. Functional abstraction is the only method of procedural abstraction.

In software engineering, the term verification is defined as:
To establish the truth of correspondence between a software product and its specification.

The discipline of identifying the components of a continually evolving system for the purposes of controlling changes to those components and maintaining integrity and traceability throughout the life cycle is called:
Configuration management

Release control involves deciding which requests are to be implemented in the new release, performing the changes, and conducting testing.

Change control involves the analysis and understanding of the existing code, the design of changes, and the corresponding test procedures.

The Basic COCOMO Model:
The number of man-months (MM) required to develop the most common type of software product, in terms of the number of thousands of delivered source instructions (KDSI) in the software product:
MM = 2.4 (KDSI)^1.05

The development schedule (TDEV) in months:
TDEV = 2.5 (MM)^0.38

In addition, Boehm has developed an intermediate COCOMO Model that also takes into account hardware constraints, personnel quality, use of modern tools, and other attributes and their aggregate impact on overall project costs. A detailed COCOMO Model, by Boehm, accounts for the effects of the additional factors used in the intermediate model on the costs of individual project phases.

The basic version of the Construction Cost Model (COCOMO), which proposes quantitative, life-cycle relationships, performs what function:
Estimates software development effort and cost as a function of the size of the software product in source instructions.

effort(sd) cost(size software products in source instruction)

The software development effort is determined using the following five user functions:
External input types
External output types
Logical internal file types
External interface file types
External inquiry types

Rayleigh curve:
The Rayleigh curve is applied to software development cost and effort estimation. In this method, estimates based on the number of lines of source code are modified by the following two factors:
The manpower buildup index (MBI), which estimates the rate of buildup of staff on the project
A productivity factor (PF), which is based on the technology used.

Incremental development:
A refinement to the basic Waterfall Model that states that software should be developed in increments of functional capability.

The advantages of incremental development include the ease of testing increments of functional capability and the opportunity to incorporate user experience into a successively refined product.

The Spiral Model of the software development process uses the following metric relative to the spiral: the radial dimension represents cumulative cost.

The radial dimension represents cumulative cost and the angular dimension represents progress made in completing each cycle of the spiral. The spiral model is actually a meta-model for software development processes.
A summary of the stages in the spiral is as follows:
1. The spiral begins in the top, left-hand quadrant by determining the objectives of the portion of the product being developed, the alternative means of implementing this portion of the product, and the constraints imposed on the application of the alternatives.
2. Next, the risks of the alternatives are evaluated based on the objectives and constraints. Following this step, the relative balances of the perceived risks are determined.
3. The spiral then proceeds to the lower right-hand quadrant where the development phases of the projects begin. A major review completes each cycle and then the process begins anew for succeeding phases of the project. Typical succeeding phases are software product design, integration and test plan development, additional risk analyses, operational prototype, detailed design, code, unit test, acceptance test, and implementation.

In the Capability Maturity Model (CMM) for software, the definition "describes the range of expected results that can be achieved by following a software process" is that of:
Software process capability

A software process is a set of activities, methods, and practices that are used to develop and maintain software and associated products.

Software process capability is a means of predicting the outcome of the next software project conducted by an organization.
Software process performance is the result achieved by following a software process.
Thus, software capability is aimed at expected results while software performance is focused on results that have been achieved.

Software process maturity:
Defined
Managed
Measured
Controlled
Effective

Initial: the software process is ad hoc and most processes are undefined.
Repeatable: fundamental project management processes are in place.
Defined: the software process for both management and engineering functions is documented, standardized, and integrated into the organization.
Managed: the software process and product quality are measured, understood, and controlled.
Optimizing: continuous process improvement is being performed.

Software process assessment vs. software capability evaluation:

Software process assessments determine the state of an organization's current software process and are used to gain support from within the organization for a software process improvement program.

Software capability evaluations are used to identify contractors who are qualified to develop software or to monitor the state of the software process in a current software project.

Common terms in object-oriented systems:
a. Behavior
b. Message
c. Method

Behavior is a characteristic of an object.
The object is defined as a collection of operations that, when selected, reveal or manipulate the state of the object. Thus, consecutive invocations of an object may result in different behaviors, based on the last operations selected.

A message is a request sent to an object to carry out a particular operation.

A method is the code that describes what the object will do when sent a message.

In object-oriented programming, when all the methods of one class are passed on to a subclass, this is called: Inheritance

All the methods of one class, called a superclass, are inherited by a subclass. Thus, all messages understood by the superclass are understood by the subclass.

In other words, the subclass inherits the behavior of the superclass.

Delegation: if an object does not have a method to satisfy a request it has received, it can delegate the request to another object.

Object-oriented languages:
a. Smalltalk
b. Simula 67
c. C++

Lisp is a functional language that processes symbolic expressions rather than numbers.