Security requirements are crucial to the effectiveness and efficiency of a program or system. There are many ways of obtaining standard security requirements that can be adopted and used. Such requirements can be drawn from readily available security frameworks that set internationally accepted standards. They can also be company requirements set internally by the organization's members.
Why are protection profiles reusable?
A protection profile gives an outline of the standards, objectives and prerequisites for products that concern security requirements for various users. The requirements in a protection profile are entirely independent of the implementation process; they are available for the public to view and use, and can be reused many times. A protection profile makes the development of functional standards possible and makes it possible to formulate specifications for a product.
A protection profile is reusable mainly because it is independent of any particular system or set of products and is written according to specified consumer needs. Since it is a set of standards used in the evaluation of IT security, a protection profile is therefore meant to be reused.
Why are rigorous audits essential at the acceptance phase?
The acceptance phase is the time when the software concerned is taken through auditing to test its reliability and effectiveness. Thorough auditing is therefore essential to ensure that all errors are detected and corrected so the system can be free of failures.
Why are coding, testing, and use immaterial to ensuring that the right set of security functions are in place?
Software coding and testing are the main processes in the validation and verification of an application. They help in meeting the requirements set and expected by consumers, and an application can be implemented with the same characteristics in different ways and still meet the expectations of the major stakeholders.
Why is software reliability management reliant on quantitative measurement?
Software reliability is the probability that software operates free of failures and errors. It is quantified by operating the software for a specified period within a clearly defined environment.
Software reliability management relies heavily on quantitative measurement because reliability is an aspect of design perfection, as opposed to manufacturing. For that reason, no standard methods have been identified for the qualitative measurement of software. It is also hard to associate software quality directly with its functions and metrics.
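As an added example (not part of the original essay), the following Python turns constructed operational records from a single environment into the quantity defined above: the probability of failure-free operation over a chosen mission time. It assumes a constant failure rate (exponential model); the log format and values are constructed for illustration.

```python
"""Quantitative software reliability estimate from constructed operational
failure records. Assumed model (not from the essay): failures arrive at a
constant rate, so reliability over mission time t is R(t) = exp(-lambda * t),
with lambda estimated as failures / total observed operating hours.
"""
import math
from datetime import datetime

# Constructed log: one line per observation window in one environment.
# Format: start,end,failure_count
CONSTRUCTED_LOG = """\
2024-03-01T00:00,2024-03-08T00:00,2
2024-03-08T00:00,2024-03-15T00:00,1
2024-03-15T00:00,2024-03-22T00:00,0
2024-03-22T00:00,2024-03-29T00:00,1
"""


def parse_log(text):
    """Return (total_operating_hours, total_failures) from the log."""
    hours = 0.0
    failures = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, count = line.split(",")
        delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
        hours += delta.total_seconds() / 3600
        failures += int(count)
    return hours, failures


def failure_rate(hours, failures):
    """Estimated failures per operating hour (lambda)."""
    return failures / hours


def mtbf(hours, failures):
    """Mean time between failures in hours (1 / lambda)."""
    return hours / failures


def reliability(rate, mission_hours):
    """R(t) under the constant-failure-rate assumption."""
    return math.exp(-rate * mission_hours)


def meets_target(text, mission_hours, target):
    """True if the estimated R(mission_hours) is at least the target."""
    hours, failures = parse_log(text)
    return reliability(failure_rate(hours, failures), mission_hours) >= target
```

With four failures in 672 operating hours the estimate is one failure per 168 hours, giving roughly 0.87 for a 24-hour mission but only about 0.37 for a 168-hour one, which is why the period and environment must be stated alongside the figure.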
Why should a distinction be made between information assurance and software assurance?
There is a need for a standard distinction between what software assurance is and what information assurance is. Information assurance is an observation made to guarantee that software assurance is maintained. On the other hand, software assurance is a level of confidence that given software is free from vulnerabilities. The main reason for such a distinction is to ensure that software assurance is not compromised on the basis that information assurance has been achieved.
If most defects are injected at the coding phase, why are they all not caught there?
During software or application development, most errors are introduced during coding. These errors, later referred to as bugs, arise from mistakes made by programmers, and some from compilers during building and debugging. However, these errors are difficult to detect because most of them have little immediate effect on the program. Another reason is that most errors only affect the system later, for example by causing it to crash or freeze.
What is a module and why does it provide a practical place to do code inspections?
A module is an element of a program that is developed independently; many modules are later linked to form a program. A module is made up of many routines that serve to break the program down into independent parts. Modules provide a practical place for inspection since they make debugging easier and faster.
Why is operational testing periodic? What would happen if it was not conducted that way?
Periodic operational testing is an ongoing process of determining the validity and reliability of a system. It is a test carried out while the system is in use to detect errors that might have been overlooked during the design and building processes. If it were not conducted during use, operational testing would not be as effective, since there are errors that only affect the program during use, and only then can they be detected.
What is the difference between vulnerability and a hidden vulnerability? Why is the latter so potentially dangerous?
A vulnerability, as regards security in computing, is a limitation in the deployed system that gives attackers a loophole to take advantage of it. It is a weakness in the design of the program that reduces the system's information assurance. A hidden vulnerability, on the other hand, is one that cannot easily be detected until its effects on the system are felt. Because it goes unnoticed, a hidden vulnerability is easier for an attacker to exploit than a known vulnerability.
Why is the formulation of the RTO and RPO a trade-off process?
A trade-off occurs when one thing is exchanged for another, in a situation where the two concerned issues affect the same thing. In such a case, a trade-off is said to occur when one of the concerned aspects is given up for the sake of the other. A trade-off is therefore a way of forgoing a possibly desirable outcome to maximize the benefits of other circumstances. RPO indicates how up-to-date the data will be when it is restored for recovery, while RTO refers to how long it takes to bring the database back online with the best achievable RPO. Tightening either target costs more, so the two are set against each other and against the available budget.
What is the relationship between impact and likelihood in disaster planning?
In disaster planning, impact refers to the repercussions that come with the occurrence of a disaster. Impact is reduced through activities that reduce the risks posed by natural disasters. Likelihood in disaster planning, on the other hand, is the probability that a disaster will occur, given the data collected on the risks. The main relationship between impact and likelihood is that both are reduced by carrying out disaster risk reduction analysis.
Why might planning be the single point of failure?
Planning is core to business success when done appropriately, but the opposite may be true if the process is not carried out well. For instance, planning can be a source of failure if it is not regularly updated to match emerging market demands. Planning may also be a source of failure where the business was not studied properly before the plan was made, or where inadequate data was available for analysis. Underestimating the time needed for completion and allocating resources poorly can also lead to failure.
What is the relationship between assumptions and strategies?
An assumption is something accepted as being true or likely to happen, even though there is little evidence to support the belief. A strategy, on the other hand, is a plan of action designed to achieve a set goal; the term also refers to the art of planning and directing actions in a battle. A substantial relationship exists between a strategy and an assumption, because strategies are built out of assumptions: a strategy rests on the assumption that a given plan will work towards the intended goals.
Why is organizational buy-in so important to continuity management?
Organizational buy-in is defined as the support and contribution offered by members of an organization to a process or idea within the organization. It is a crucial aspect of continuity management since it ensures that all people are involved in strategy formulation and participation. When people are involved in all processes, identifying possible threats to organizational performance and formulating strategies to counter them becomes possible and easier.
What makes continuity so important? Why is continuity an important goal?
Continuity management is fundamental for many reasons; it ensures that crucial functions are made available to customers and to other stakeholders eligible to access such services. It also plays a substantial role in maintaining consistency in service delivery and recovery from possible disasters. Finally, continuity management is an essential goal since it is a key strategy for risk assessment and recovery, and hence ensures enhanced performance and sustainability in the market economy.
Why is continuity sometimes not thought about during the overall information assurance process? Why is that a critical omission?
Research shows that most businesses ignore the continuity issue when carrying out information assurance. They have always relied on assumptions and the hope of good luck, even when making crucial decisions that affect the business. This is a critical omission, however, since continuity management is crucial to assessing and preventing possible risks that may affect organizational performance. Most managers name the costs incurred in carrying out business continuity as the main reason for omitting continuity from information assurance.
How does the concept of categories of disaster make it easier to accommodate potential harmful events? What is an example of how that works?
Disasters are categorized by their origin: natural or man-made. Most disasters discussed in the literature are natural disasters. This categorization is key to accepting and accommodating some harmful events as being normal. This happens especially when the disaster concerned is natural and the people affected clearly understand there is little they can do to prevent it. This in turn gives them the morale to try harder and recover from the disaster.
What is the point of the statement of work? Why is one necessary? What would happen without one?
A statement of work is a document that incorporates and defines the work requirements, specifications and time period for the specified goals and objectives to be met. It includes pricing-related issues and standard regulations, terms and conditions. A statement of work is essential in setting a foundation of rules and standards that will govern performance issues in the business. If an organization lacks a statement of work, achieving goals and objectives could be almost impossible, since there will be no standards to guide performance issues.
Why is it so important to define roles for disaster response? What would happen without this specification?
To make disaster management possible, there has to be a clearly defined set of responsibilities for all the parties involved. Defining roles for disaster response helps avoid duplicated roles and actions in the effort to save the organization from a disaster. Such a definition also serves as a basis for the responsibility and accountability of the people involved. Without it, conflicts over responsibilities and roles may arise among employees.