WGU C706 Secure Software Design Terms (Over 200 Terms) (2022/2023) (Verified)
access control
The restriction of persons or programs that may access specific information. There are two default policies for this: allow by exception or deny by exception.
Access Control List (ACL)
The list of per...
wgu c706 secure software design terms over 200 terms 20222023 verified access control the restriction of persons or programs that may access specific information there are two default policie
WGU C706 Secure Software Design Terms (Over 200
Terms) (2022/2023) (Verified)
access control
The restriction of persons or programs that may access specific information. There are two default policies for this: allow by exception or deny by exception.
Access Control List (ACL)
The list of persons or programs that are allowed (or, in the case of blacklisting, not allowed) to access a particular resource.
Access List Traffic-Based Security plan (ALTBS)
A network with no other security measures in place besides a router-based access control list.
Active Directory service
The directory service used by Microsoft and which is included in Microsoft Server operating systems and serves as a location for managing network resources and security.
activity diagram
A stepwise graphical description of an action taken by a system in completing a task; it is most often represented using UML.
actor
A user in a software system; these are modeled to perform user-based tasks in the standard software development lifecycle (SDLC).
air gap security
A security measure using an internal computer network with no access to the Internet.
application programming interface (API)
The software system used by a programmer in creating new software; most APIs have built-in routines for error checking and compiling, which may introduce or ignore errors in a language. You should always research the known issues in an API before using it for development.
architectural design phase
The period during which the high-level overview of the system is developed.
archive
A backup copy of data or information gathered or used by an organization; it is important to maintain archive copies of software code that is undergoing an update or rewrite. It is also important to archive data in case of system failure or loss.
association
A relationship between actors and procedures in defining use cases for a system.
asymmetric encryption
Asymmetric encryption uses one key for encryption and a different key for decryption; it prevents someone who knows one key to both encrypt and decrypt the data. These systems are designed such that knowing one key will not reveal the other key.
attack
The exploitation of a vulnerability in a software system that causes the system to fail or otherwise misbehave from what is expected in normal operation.
attack surface The attack surface of a system is the set of known possible entry points on which an attack may be leveraged against a system. Planning an attack surface is essential for adequately mitigating system risk.
attribute (or field)
An attribute (also called a field) in a database is a single piece of raw data stored in a database record. An example of this is the first name attribute in an employee record.
audit logs
Records of some aspect of system behavior. Audit logs may be triggered by irregular behavior in a system or errors; these can provide valuable information in the case of attacks on a system that are recorded.
authentication
The verification of credentials for permitting a user or program to access a certain resource. Authentication systems suppose that users have a set of permissions that are
associated with verification information, such as a username and password for accessing an account.
availability
The measure of time when a system is operating in a usable manner; the typical measurement of availability is called uptime.
avoidance
A potential strategy for responding to a threat; this strategy attempts to prevent the system from being open to attack at all.
backdoor
A method of circumventing normal authentication procedures and allowing unwanted access into a computer system.
beta version
A nearly complete build of the software that can be used to test for functionality of security flaws before the release of the final software product. This version is typically released to a group of testers or early adopters who will have some responsibility in reporting their experiences and any problems they encounter.
binaries
The compiled machine code of a software system; these are no longer readable by human beings but can still be scanned by other programs to detect functionality or vulnerabilities.
BitLocker
Full drive encryption capability included in Microsoft Ultimate and Enterprise editions of Microsoft Windows 7.
black-box testing
A testing methodology where the test cases are mostly derived from the requirements statements without consideration of the actual code content.
block cipher
A block cipher operates on multiple bits or symbols at once, treating them as a group for
the purposes of encryption or decryption; the typical model of a block cipher is the Feistel cipher, which iterated the encryption process with variants of a given key.
boot sector virus A type of malware that resides in the boot sector of the computer, loading before the operating system and therefore evading any detection methods or antivirus software because it is able to control their use.
boundary class
A boundary class in system planning is an abstraction of data collected directly from a user, typically from a form or other GUI structure. Boundary classes cannot communicate directly with each other.
brute force
A brute force attack is an attempt to compromise a system by trying all possible values for either a key or password; this will generally take an incredibly long time but will eventually yield results. The expected time to compromise a system by brute force is when half of the possible values have been attempted.
certificate authority (CA)
A third party in public key encryption algorithms that verifies the public key of one or more of the parties involved (through the use of signed certificated) in a transaction; this
prevents fraudulent declarations of public keys by attackers.
change management
The process used in an organization providing a standard for changes to the network infrastructure.
checkpoint
A checkpoint in software is a point in execution where the state of the system can be recorded in sufficient detail to resume operation from that point at a later time regardless of subsequent system changes or processes.
ciphertext
The result of encrypting plaintext; this is often unreadable by human beings and remains unrelated to the original text in a well-constructed cryptosystem.
class
An abstract collection of data and methods used to perform related actions; a class should maintain the integrity of its data members by enforcing access and manipulation through external calls to its defined methods.
cleartext
The plain text of a message prior to encryption or after decryption in a cryptosystem.
cloud computing
A modern paradigm that takes advantage of the decreased cost of storage and network traffic, decoupling data processing and storage from the physical location of a business and possibly separating it across multiple locations or even virtual locations; the distance and location are irrelevant in this model where only the available resources and computing power are considered.
cold site
A type of recovery where all information technology infrastructure and office space sits in a dormant state. This is the most difficult type of site to bring back online, and it can take several days to bring such systems back up.
Commercial Off The Shelf (COTS)
COTS software is what is available to any consumer for immediate use; it is one potential means of finding an information system solution to a business problem.
communication diagram
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Topscorer1. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.