WGU C725 Information Security and Assurance SET II (With Complete Top Solution Rated A)
After determining the potential attack concepts, the next step in threat modeling is to perform ______________ analysis. ______________ analysis is also known as decomposing the application, system, or environment. The purpose of this task is to gain a greater understanding of the logic of the product as well as its interactions with external elements. Also known as decomposing the application - Reduction analysis
Whether an application, a system, or an entire environment, it needs to be divided into smaller containers or compartments. Those might be subroutines, modules, or objects if you're focusing on software, computers, or operating systems; they might be protocols if you're focusing on systems or networks; or they might be departments, tasks, and networks if you're focusing on an entire business infrastructure. Each identified sub-element should be evaluated in order to understand inputs, processing, security, data management, storage, and outputs.
Trust Boundaries, Data Flow Paths, Input Points, Privileged Operations, Details about Security Stance and Approach - The Five Key Concepts in the Decomposition process.
In the decomposition process, any location where the level of trust or security changes - Trust Boundaries
In the decomposition process, the movement of data between locations - Data Flow Paths
In the decomposition process, locations where external input is received - Input Points
In the decomposition process, any activity that requires greater privileges than those of a standard user account or process, typically required to make system changes or alter security - Privileged Operations
In the decomposition process, the declaration of the security policy, security foundations, and security assumptions - Details about Security Stance and Approach
The concept that most computers, devices, networks, and systems are not built by a single entity - supply chain
T or F
When evaluating a third party for your security integration, you should consider the following processes: On-Site Assessment, Document Exchange and Review, Process/Policy Review, Third-Party Audit - True
When engaging third-party assessment and monitoring services, keep in mind that the external entity needs to show security-mindedness in their business operations. If an external organization is unable to manage their own internal operations on a secure basis, how can they provide reliable security management functions for yours?