SSCP : System Security Certified Practitioner (SSCP) : Part 53

  1. What can best be defined as the sum of protection mechanisms inside the computer, including hardware, firmware and software?

    • Trusted system
    • Security kernel
    • Trusted computing base
    • Security perimeter

    Explanation:

    The Trusted Computing Base (TCB) is defined as the total combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware. These are part of the TCB because the system is sure that these components will enforce the security policy and not violate it.

    The security kernel is made up of the hardware, software, and firmware components that fall within the TCB and implement and enforce the reference monitor concept.

    Reference:
    AIOv4 Security Models and Architecture pgs 268, 273

  2. When attempting to establish liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation?

    • Due care
    • Due concern
    • Due diligence
    • Due practice
    Explanation:

    My friend JD Murray at Techexams.net has a nice definition of both, see his explanation below:

    Oh, I hate these two. It’s like describing the difference between “jealousy” and “envy.” Kinda the same thing but not exactly. Here it goes:

    Due diligence is performing reasonable examination and research before committing to a course of action. Basically, “look before you leap.” In law, you would perform due diligence by researching the terms of a contract before signing it. The opposite of due diligence might be “haphazard” or “not doing your homework.”

    Due care is performing the ongoing maintenance necessary to keep something in proper working order, or to abide by what is commonly expected in a situation. This is especially important if the due care situation exists because of a contract, regulation, or law. The opposite of due care is “negligence.”

    In summary, due diligence is identifying threats and risks, while due care is acting upon the findings to mitigate those risks.

    EXAM TIP:
    Due diligence refers to the steps taken to identify the risks that exist within the environment. It is based on best practices, standards such as ISO 27001 and ISO 17799, and other consensus guidance. The first letters of the words Due and Diligence should remind you of this: DD = Do Detect.

    Due care is the set of actions you have taken (implementing, designing, enforcing, updating) to reduce the identified risks and keep them at an acceptable level. The same trick applies here: the first letters of the words Due and Care are DC, which should remind you that DC = Do Correct.

    The other answers are only distractors and not valid.

    Reference(s) used for this question:
    CISSP Study Guide, Syngress, By Eric Conrad, Page 419
    HARRIS, Shon, All-In-One CISSP Certification Exam Guide Fifth Edition, McGraw-Hill, Page 49 and 110.
    and
    Corporate; (Isc)² (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press) (Kindle Locations 11494-11504). Taylor & Francis. Kindle Edition.
    and
    My friend JD Murray at Techexams.net

  3. What can best be described as a domain of trust that shares a single security policy and single management?

    • The reference monitor
    • A security domain
    • The security kernel
    • The security perimeter
    Explanation:

    A security domain is a domain of trust that shares a single security policy and single management.

    The term security domain just builds upon the definition of domain by adding the fact that resources within this logical structure (domain) are working under the same security policy and managed by the same group.

    So, a network administrator may put all of the accounting personnel, computers, and network resources in Domain 1 and all of the management personnel, computers, and network resources in Domain 2. These items fall into these individual containers because they not only carry out similar types of business functions, but also, and more importantly, have the same type of trust level. It is this common trust level that allows entities to be managed by one single security policy.

    The different domains are separated by logical boundaries, such as firewalls with ACLs, directory services making access decisions, and objects that have their own ACLs indicating which individuals and groups can carry out operations on them.

    All of these security mechanisms are examples of components that enforce the security policy for each domain. Domains can be architected in a hierarchical manner that dictates the relationship between the different domains and the ways in which subjects within the different domains can communicate. Subjects can access resources in domains of equal or lower trust levels.

    The following are incorrect answers:

    The reference monitor is an abstract machine that must mediate all access by subjects to objects, be protected from modification, be verifiable as correct, and always be invoked. It is a concept that defines a set of design requirements for a reference validation mechanism (the security kernel), which enforces an access control policy over the ability of subjects (processes, users) to perform operations (read, write, execute) on objects (files, resources) on a system. The reference monitor components must be small enough to be tested properly and must be tamperproof.

    The security kernel is the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept.

    The security perimeter includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted. Not every process and resource falls within the TCB, so some of these components fall outside an imaginary boundary referred to as the security perimeter. A security perimeter is a boundary that divides the trusted from the untrusted. For the system to stay in a secure and trusted state, precise communication standards must be developed to ensure that when a component within the TCB needs to communicate with a component outside the TCB, the communication cannot expose the system to unexpected security compromises. This type of communication is handled and controlled through interfaces.

    Reference(s) used for this question:

    Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 28548-28550). McGraw-Hill. Kindle Edition.

    Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 7873-7877). McGraw-Hill. Kindle Edition.

    Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition , Access Control, Page 214-217
    Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Security Architecture and Design (Kindle Locations 1280-1283). . Kindle Edition.

    TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
    AIO 6th edition, Chapter 3, Access Control, pages 214-217, defines security domains. Reference monitor, security kernel, and security perimeter are defined in Chapter 4, Security Architecture and Design.

  4. Which of the following is NOT a proper component of Media Viability Controls?

    • Storage
    • Writing
    • Handling
    • Marking
    Explanation:
    Media Viability Controls include marking, handling and storage.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 231.

  5. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?

    • Covert channel
    • Overt channel
    • Opened channel
    • Closed channel
    Explanation:

    An overt channel is a path within a computer system or network that is designed for the authorized transfer of data. The opposite would be a covert channel which is an unauthorized path.

    A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. This type of information path was not developed for communication; thus, the system does not properly protect this path, because the developers never envisioned information being passed in this way. Receiving information in this manner clearly violates the system’s security policy.

    The other choices, “opened channel” and “closed channel”, are distractors and not valid terms in this context.

    Reference(s) used for this question:

    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 219.
    and
    Shon Harris, CISSP All In One (AIO), 6th Edition , page 380
    and
    Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 378). McGraw-Hill. Kindle Edition.

  6. Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating?

    • Security administrators
    • Operators
    • Data owners
    • Data custodians
    Explanation:
    Security administrator functions include user-oriented activities such as setting user clearances, setting initial passwords, setting other security characteristics for new users, or changing security profiles for existing users. Data owners have the ultimate responsibility for protecting data, and thus for determining proper user access rights to data; the security administrator implements those decisions.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

  7. Buffer overflow and boundary condition errors are subsets of which of the following?

    • Race condition errors.
    • Access validation errors.
    • Exceptional condition handling errors.
    • Input validation errors.
    Explanation:

    In an input validation error, the input received by a system is not properly checked, resulting in a vulnerability that can be exploited by sending a particular input sequence. There are two important types of input validation error: buffer overflows (the input received is longer than the expected input length) and boundary condition errors (an input received causes the system to exceed an assumed boundary).

    The other choices are distinct error classes. A race condition occurs when there is a delay between the time when a system checks whether an operation is allowed by the security model and the time when the system actually performs the operation. In an access validation error, the system is vulnerable because the access control mechanism itself is faulty. In an exceptional condition handling error, the system becomes vulnerable because an exceptional condition that has arisen is not handled correctly.

    Source: DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, March 2002 (page 105).
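    The two input validation errors named above, shown in C as an added example written for this page (it is not from the study guide or any cited source). The buffer size, table size and sample inputs are constructed for the demonstration; the two "unsafe" functions are kept deliberately vulnerable to show the defect, and the checked versions beside them show the input validation that removes it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN   16   /* size of the destination buffer, NUL included (constructed) */
#define TABLE_SIZE 8    /* valid indices are 0 .. TABLE_SIZE-1 (constructed) */

/* Buffer overflow (deliberately vulnerable): the length of src is never
 * checked, so strcpy writes strlen(src)+1 bytes into a NAME_LEN-byte buffer
 * and anything past the end of dst (other locals, saved registers) is clobbered. */
void copy_name_unsafe(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: validate the input length against the buffer before copying.
 * Returns false (and leaves dst untouched) when src does not fit, NUL included. */
bool copy_name_checked(char *dst, size_t dst_len, const char *src)
{
    /* Look for the terminator within the first dst_len bytes only, so an
     * unterminated or over-long src is rejected without being read past. */
    const char *end = memchr(src, '\0', dst_len);
    if (end == NULL)
        return false;
    size_t n = (size_t)(end - src);      /* n <= dst_len - 1, so n + 1 bytes fit */
    memcpy(dst, src, n + 1);
    return true;
}

/* Boundary condition error (deliberately vulnerable): the check uses ">", so
 * idx == TABLE_SIZE passes and reads one element past the end of the table. */
int lookup_unsafe(const int *table, int idx)
{
    if (idx < 0 || idx > TABLE_SIZE)
        return -1;
    return table[idx];
}

/* Hardened form: the last valid index is TABLE_SIZE - 1. */
bool lookup_checked(const int *table, int idx, int *out)
{
    if (idx < 0 || idx >= TABLE_SIZE)
        return false;
    *out = table[idx];
    return true;
}

/* Constructed lookup table for the demonstration. */
static const int g_table[TABLE_SIZE] = { 10, 20, 30, 40, 50, 60, 70, 80 };

/* 1 if the checked copy accepted src and reproduced it exactly, 0 if it refused. */
int checked_copy_result(const char *src)
{
    char buf[NAME_LEN];
    if (!copy_name_checked(buf, sizeof buf, src))
        return 0;
    return strcmp(buf, src) == 0;
}

/* Value at idx, or -1 when the checked lookup rejects the index. */
int checked_lookup_result(int idx)
{
    int value;
    return lookup_checked(g_table, idx, &value) ? value : -1;
}

int main(void)
{
    /* 15 characters plus NUL fit in 16 bytes; 16 characters do not. */
    printf("15-char name accepted: %d\n", checked_copy_result("0123456789abcde"));   /* 1 */
    printf("16-char name rejected: %d\n", checked_copy_result("0123456789abcdef"));  /* 0 */
    /* Index 7 is the last valid element; index 8 is the off-by-one the unsafe check lets through. */
    printf("idx 7 -> %d, idx 8 -> %d\n", checked_lookup_result(7), checked_lookup_result(8));
    return 0;
}
```

    The checked copy refuses input rather than silently truncating it: a truncated name can itself become a boundary problem further on (for example when it is later compared against an untruncated copy), so failing closed is the safer default.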

  8. Which of the following describes a technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind?

    • Multitasking
    • Multiprogramming
    • Pipelining
    • Multiprocessing
    Explanation:

    Multiprocessing is an organizational technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind. In order to cooperate on a single application or class of applications, the processors share a common resource. Usually this resource is primary memory, and the multiprocessor is called a primary memory multiprocessor. A system in which each processor has a private (local) main memory and shares secondary (global) memory with the others is a secondary memory multiprocessor, sometimes called a multicomputer system because of the looser coupling between processors. The more common multiprocessor systems incorporate only processors of the same type and performance and thus are called homogeneous multiprocessors; however, heterogeneous multiprocessors are also employed. A special case is the attached processor, in which a second processor module is attached to a first processor in a closely coupled fashion so that the first can perform input/output and operating system functions, enabling the attached processor to concentrate on the application workload.

    The following were incorrect answers:

    Multiprogramming: The interleaved execution of two or more programs by a computer, in which the central processing unit executes a few instructions from each program in succession.

    Multitasking: The concurrent operation by one central processing unit of two or more processes.

    Pipelining: A procedure for processing instructions in a computer program more rapidly, in which each instruction is divided into numerous small stages, and a population of instructions is in various stages at any given time. One instruction does not have to wait for the previous one to complete all of the stages before it gets into the pipeline. It is similar to an assembly line in the real world.

    References:

    TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

    http://www.answers.com/Q/multiprocessing?cat=technology
    http://www.answers.com/multitasking?cat=biz-fin
    http://www.answers.com/pipelining?cat=technology

  9. What can best be described as an abstract machine which must mediate all access by subjects to objects?

    • A security domain
    • The reference monitor
    • The security kernel
    • The security perimeter
    Explanation:
    The reference monitor is an abstract machine that must mediate all access by subjects to objects, be protected from modification, be verifiable as correct, and always be invoked. The security kernel is the hardware, firmware, and software elements of a trusted computing base that implement the reference monitor concept. The security perimeter includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted. A security domain is a domain of trust that shares a single security policy and single management.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

  10. Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures?

    • design, development, publication, coding, and testing.
    • design, evaluation, approval, publication, and implementation.
    • initiation, evaluation, development, approval, publication, implementation, and maintenance.
    • feasibility, development, approval, implementation, and integration.
    Explanation:

    The common steps used in the development of a security policy are initiation of the project, evaluation, development, approval, publication, implementation, and maintenance. The other choices mix in phases of the software development life cycle and are not the steps used to develop documents such as policies, standards, etc.

    Reference: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 3, 2002, Auerbach Publications.

  11. What is the goal of the Maintenance phase in a common development process of a security policy?

    • to review the document on the specified review date
    • publication within the organization
    • to write a proposal to management that states the objectives of the policy
    • to present the document to an approving body
    Explanation:

    The goal of the Maintenance phase is to review the document on the specified review date. The other choices belong to other phases: “publication within the organization” is the goal of the Publication phase; “write a proposal to management that states the objectives of the policy” is part of the Initiation and Evaluation phases; “present the document to an approving body” is part of the Approval phase.

    Reference: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 3, 2002, Auerbach Publications.
    Also: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 286).

  12. Which property ensures that only the intended recipient can access the data and nobody else?

    • Confidentiality
    • Capability
    • Integrity
    • Availability
    Explanation:

    Confidentiality is defined as the property that ensures that only the intended recipient can access the data and nobody else. It is usually achieved using cryptographic methods, tools, and protocols.

    Confidentiality supports the principle of “least privilege” by providing that only authorized individuals, processes, or systems should have access to information, on a need-to-know basis. The level of access that an authorized individual should have is the level necessary for them to do their job. In recent years, much press has been dedicated to the privacy of information and the need to protect it from individuals who may commit crimes by viewing it. Identity theft is the act of assuming another person’s identity through knowledge of confidential information obtained from various sources.

    The following are incorrect answers:
    Capability is incorrect. Capability is relevant to access control. Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure.

    Integrity is incorrect. Integrity protects information from unauthorized modification or loss.
    Availability is incorrect. Availability assures that information and services are available for use by authorized entities according to the service level objective.

    Reference(s) used for this question:
    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 9345-9349). Auerbach Publications. Kindle Edition.
    http://en.wikipedia.org/wiki/Capability-based_security

  13. Making sure that the data has not been changed unintentionally, due to an accident or malice is:

    • Integrity.
    • Confidentiality.
    • Availability.
    • Auditability.
    Explanation:

    Integrity refers to the protection of information from unauthorized modification or deletion.

    Confidentiality is incorrect. Confidentiality refers to the protection of information from unauthorized disclosure.

    Availability is incorrect. Availability refers to the assurance that information and services will be available to authorized users in accordance with the service level objective.

    Auditability is incorrect. Auditability refers to the ability to trace an action to the identity that performed it and identify the date and time at which it occurred.

    References:

    CBK, pp. 5 – 6
    AIO3, pp. 56 – 57

  14. Which of the following is not a component of a Operations Security “triples”?

    • Asset
    • Threat
    • Vulnerability
    • Risk
    Explanation:
    The Operations Security domain is concerned with triples – threats, vulnerabilities and assets.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 216.
  15. When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as?

    • Dual Control
    • Need to know
    • Separation of duties
    • Segregation of duties
    Explanation:

    The question clearly says “operating in concert”, which means that the BEST answer is Dual Control.

    Two mechanisms necessary to implement high integrity environments where separation of duties is paramount are dual control or split knowledge.

    Dual control enforces the concept of keeping a duo responsible for an activity. It requires more than one employee available to perform a task. It utilizes two or more separate entities (usually persons), operating together, to protect sensitive functions or information.

    Whenever the dual control feature is limited to something you know, it is often called split knowledge (for example, part of a password or part of a cryptographic key). Split knowledge is the unique “what each must bring” that is joined together when implementing dual control.

    To illustrate, let’s say a box containing petty cash is secured by one combination lock and one keyed lock. One employee is given the combination to the combination lock and another employee has possession of the key to the keyed lock. In order to get the cash out of the box, both employees must be present at the cash box at the same time; one cannot open the box without the other. This is the dual control aspect.

    On the other hand, split knowledge is exemplified here by the different objects (the combination to the combo lock and the correct physical key), both of which are unique and necessary, that each brings to the meeting.

    This is typically used in high value transactions / activities (as per the organizations risk appetite) such as:

    Approving a high-value transaction using a special user account, where the password of this account is split into two halves managed by two different staff. Both staff must be present to enter the password for a high-value transaction. This is often combined with the separation of duties principle, in which case the posting of the transaction would have been performed by yet another staff member. This leads to a situation where collusion of at least three people is required to commit a high-value fraudulent transaction.

    Payment card printing and PIN printing are separated under the SOD principle. The organization can further strengthen the control by adding dual control / split knowledge: the card printing activity can be modified to require two staff to key in their passwords to initiate the printing process, and PIN printing can likewise be placed under dual control. Many host security modules (HSMs) come with built-in dual-control features, where physical keys held by separate custodians are required to initiate the PIN printing process.

    Managing encryption keys is another key area where dual control / split knowledge should be implemented.

    PCI DSS defines Dual Control as below. This is more from a cryptographic perspective, still useful:

    Dual Control: Process of using two or more separate entities (usually persons) operating in concert to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. No single person is permitted to access or use the materials (for example, the cryptographic key). For manual key generation, conveyance, loading, storage, and retrieval, dual control requires dividing knowledge of the key among the entities. (See also Split Knowledge).

    Split knowledge: Condition in which two or more entities separately have key components that individually convey no knowledge of the resultant cryptographic key.

    It is key for information security professionals to understand the differences between Dual Control and Separation of Duties. Both complement each other, but are not the same.

    The following were incorrect answers:

    Segregation of Duties address the splitting of various functions within a process to different users so that it will not create an opportunity for a single user to perform conflicting tasks.

    For example, the participation of two or more persons in a transaction creates a system of checks and balances and reduces the possibility of fraud considerably. So it is important for an organization to ensure that all tasks within a process have adequate separation.

    Let us look at some use cases of segregation of duties

    A person handling cash should not post to the accounting records
    A loan officer should not disburse loan proceeds for loans they approved
    Those who have authority to sign cheques should not reconcile the bank accounts
    The credit card printing personnel should not print the credit card PINs
    Customer address changes must be verified by a second employee before the change can be activated.

    In situations where separation of duties is not possible because of a lack of staff, senior management should set up additional measures to offset the lack of adequate controls.

    To summarise, Segregation of Duties is about Separating the conflicting duties to reduce fraud in an end to end function.

    Need To Know (NTK):
    The term “need to know”, when used by government and other organizations (particularly those related to the military), describes the restriction of data which is considered very sensitive. Under need-to-know restrictions, even if one has all the necessary official approvals (such as a security clearance) to access certain information, one would not be given access to such information, unless one has a specific need to know; that is, access to the information must be necessary for the conduct of one’s official duties. As with most security mechanisms, the aim is to make it difficult for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage “browsing” of sensitive material by limiting access to the smallest possible number of people.

    EXAM TIP: HOW TO DECIPHER THIS QUESTION

    First, you probably noticed that Separation of Duties and Segregation of Duties are synonymous with each other. This means neither can be the BEST answer. That was an easy first step.

    For the exam remember:

    Separation of Duties is synonymous with Segregation of Duties
    Dual Control is synonymous with Split Knowledge

    Reference(s) used for this question:

    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 16048-16078). Auerbach Publications. Kindle Edition.
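    The key-management case above, as an added example not taken from the cited references: an XOR key-component split in C, the construction commonly used for manual key loading into HSMs, where each custodian holds one component and the key exists only when all components are combined (dual control), while any single component on its own is consistent with every possible key (split knowledge). The key bytes and the stand-in for random component values are constructed constants for the demonstration (a deployment draws the components from a CSPRNG such as getrandom(2)); the function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16   /* a 128-bit key; constructed size for the demonstration */

/* Split a key into n XOR components. The caller must have filled
 * comps[0] .. comps[n-2] with fresh, independent CSPRNG output; this function
 * derives comps[n-1] so that the XOR of all n components equals the key.
 * Returns false for n < 2 (that would be no split at all). */
bool key_split(const uint8_t key[KEY_LEN], uint8_t comps[][KEY_LEN], size_t n)
{
    if (n < 2)
        return false;
    memcpy(comps[n - 1], key, KEY_LEN);
    for (size_t i = 0; i + 1 < n; i++)
        for (size_t j = 0; j < KEY_LEN; j++)
            comps[n - 1][j] ^= comps[i][j];
    return true;
}

/* Reconstruct the key from all n components. This is the dual-control step:
 * every custodian must be present and contribute their component. */
void key_combine(uint8_t comps[][KEY_LEN], size_t n, uint8_t out[KEY_LEN])
{
    memset(out, 0, KEY_LEN);
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < KEY_LEN; j++)
            out[j] ^= comps[i][j];
}

/* Why one component conveys no knowledge: whatever custodian A's byte is,
 * every one of the 256 possible key bytes is still reachable by some value of
 * custodian B's byte. Returns the number of key bytes consistent with a_byte. */
int candidate_key_bytes_given(uint8_t a_byte)
{
    bool seen[256] = { false };
    int count = 0;
    for (int b = 0; b < 256; b++) {
        uint8_t k = a_byte ^ (uint8_t)b;
        if (!seen[k]) { seen[k] = true; count++; }
    }
    return count;
}

/* Worked example with constructed values (NOT real key material and NOT real
 * randomness). Returns 1 when a 2-way and a 3-way split both round-trip and
 * fewer than all custodians cannot recover the key, 0 otherwise. */
int split_knowledge_demo(void)
{
    static const uint8_t key[KEY_LEN] = {
        0x7a, 0x13, 0xc4, 0x90, 0x5e, 0x21, 0xb7, 0x08,
        0xd9, 0x66, 0x3f, 0xe2, 0x4b, 0xa5, 0x1c, 0xf0 };
    static const uint8_t stand_in_random[2][KEY_LEN] = {   /* CSPRNG stand-in */
        { 0x3c, 0x4f, 0xcf, 0x09, 0x88, 0x15, 0xf7, 0xab,
          0xa6, 0xd2, 0xae, 0x28, 0x16, 0x15, 0x7e, 0x2b },
        { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
          0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff } };
    uint8_t comps[3][KEY_LEN];
    uint8_t recovered[KEY_LEN];

    /* Two custodians: A holds comps[0], B holds the derived comps[1]. */
    memcpy(comps[0], stand_in_random[0], KEY_LEN);
    if (!key_split(key, comps, 2))
        return 0;
    key_combine(comps, 2, recovered);
    if (memcmp(recovered, key, KEY_LEN) != 0)
        return 0;
    key_combine(comps, 1, recovered);               /* A alone */
    if (memcmp(recovered, key, KEY_LEN) == 0)
        return 0;

    /* Three custodians: same property, now requiring all three. */
    memcpy(comps[0], stand_in_random[0], KEY_LEN);
    memcpy(comps[1], stand_in_random[1], KEY_LEN);
    if (!key_split(key, comps, 3))
        return 0;
    key_combine(comps, 3, recovered);
    if (memcmp(recovered, key, KEY_LEN) != 0)
        return 0;
    key_combine(comps, 2, recovered);               /* A and B without C */
    if (memcmp(recovered, key, KEY_LEN) == 0)
        return 0;
    return 1;
}

int main(void)
{
    printf("round trip and partial-custodian checks pass: %d\n", split_knowledge_demo());
    printf("key bytes still possible given A's byte 0x5a: %d\n", candidate_key_bytes_given(0x5a));
    return 0;
}
```

    The XOR split is all-or-nothing by construction: n components give no way to recover the key from n-1 of them, which is exactly the PCI DSS definition quoted above (components that individually convey no knowledge of the resultant key). It is not a threshold scheme; if any one custodian's component is lost, so is the key, which is why real key ceremonies also keep the components under dual control in storage.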

  16. What is the difference between Advisory and Regulatory security policies?

    • there is no difference between them
    • regulatory policies are high level policy, while advisory policies are very detailed
    • Advisory policies are not mandated. Regulatory policies must be implemented.
    • Advisory policies are mandated while Regulatory policies are not
    Explanation:

    Advisory policies are security polices that are not mandated to be followed but are strongly suggested, perhaps with serious consequences defined for failure to follow them (such as termination, a job action warning, and so forth). A company with such policies wants most employees to consider these policies mandatory.

    Most policies fall under this broad category.
    Advisory policies can have many exclusions or application levels. Thus, these policies can control some employees more than others, according to their roles and responsibilities within that organization. For example, a policy that requires a certain procedure for transaction processing might allow for an alternative procedure under certain, specified conditions.

    Regulatory
    Regulatory policies are security policies that an organization must implement due to compliance, regulation, or other legal requirements. These companies might be financial institutions, public utilities, or some other type of organization that operates in the public interest. These policies are usually very detailed and are specific to the industry in which the organization operates.
    Regulatory polices commonly have two main purposes:

    1. To ensure that an organization is following the standard procedures or base practices of operation in its specific industry
    2. To give an organization the confidence that it is following the standard and accepted industry policy

    Informative
    Informative policies are policies that exist simply to inform the reader. There are no implied or specified requirements, and the audience for this information could be certain internal (within the organization) or external parties. This does not mean that the policies are authorized for public consumption but that they are general enough to be distributed to external parties (vendors accessing an extranet, for example) without a loss of confidentiality.

    References:
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 12, Chapter 1: Security Management Practices.

    also see:
    The CISSP Prep Guide:Mastering the Ten Domains of Computer Security by Ronald L. Krutz, Russell Dean Vines, Edward M. Stroz

    also see:
    http://i-data-recovery.com/information-security/information-security-policies-standards-guidelines-and-procedures

  17. What is the main purpose of Corporate Security Policy?

    • To transfer the responsibility for the information security to all users of the organization
    • To communicate management’s intentions in regards to information security
    • To provide detailed steps for performing specific actions
    • To provide a common framework for all development activities
    Explanation:

    A corporate security policy is a high-level document that states management’s intentions in regard to information security within the organization. It is high level in purpose; it does not give details about the specific products to be used, specific steps, etc.

    The organization’s requirements for access control should be defined and documented in its security policies. Access rules and rights for each user or group of users should be clearly stated in an access policy statement. The access control policy should minimally consider:

    Statements of general security principles and their applicability to the organization
    Security requirements of individual enterprise applications, systems, and services
    Consistency between the access control and information classification policies of different systems and networks
    Contractual obligations or regulatory compliance regarding protection of assets
    Standards defining user access profiles for organizational roles
    Details regarding the management of the access control system

    As a Certified Information System Security Professional (CISSP) you would be involved directly in the drafting and coordination of security policies, standards and supporting guidelines, procedures, and baselines.

    Guidance provided by the CISSP for technical security issues, and emerging threats are considered for the adoption of new policies. Activities such as interpretation of government regulations and industry trends and analysis of vendor solutions to include in the security architecture that advances the security of the organization are performed by the CISSP as well.

    The following are incorrect answers:

    To transfer the responsibility for information security to all users of the organization is bogus. You CANNOT transfer responsibility, you can only transfer authority; responsibility ultimately sits with upper management. The keywords ALL and USERS are also an indication that it is the wrong choice.

    To provide detailed steps for performing specific actions is also a bogus distractor. A step-by-step document is referred to as a procedure. It details how to accomplish a specific task.

    To provide a common framework for all development activities is also an invalid choice. Security Policies are not restricted only to development activities.

    Reference Used for this question:

    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1551-1565). Auerbach Publications. Kindle Edition.
    and
    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 9109-9112). Auerbach Publications. Kindle Edition.

  18. Ensuring least privilege does not require:

    • Identifying what the user’s job is.
    • Ensuring that the user alone does not have sufficient rights to subvert an important process.
    • Determining the minimum set of privileges required for a user to perform their duties.
    • Restricting the user to required privileges and nothing more.
    Explanation:
    Ensuring that the user alone does not have sufficient rights to subvert an important process is a concern of the separation of duties principle and it does not concern the least privilege principle.
    Source: DUPUIS, Clément, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, March 2002 (page 33).
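    The distinction the explanation draws can be made concrete with a small authorization review. The following is an added example, not material from the study guide cited above: the role-to-privilege table and the conflict pair are constructed sample data. One function reports privileges granted beyond a role's documented minimum (least privilege); a second reports conflict pairs that a single user's grants fully contain (separation of duties). A user can fail one check while passing the other, which is exactly why the two principles are not the same.

```python
# Added example (not from the cited study guide): least privilege versus
# separation of duties as two independent checks over a user's grants.

# Constructed sample data: the minimum privilege set each role needs.
REQUIRED_BY_ROLE = {
    "payroll_clerk": {"payroll.read", "payroll.edit"},
    "payroll_approver": {"payroll.read", "payroll.approve"},
    "auditor": {"payroll.read", "audit.read"},
}

# Constructed sample data: privilege combinations that let one person both
# create and approve a payroll change, i.e. subvert the process alone.
SOD_CONFLICTS = [
    frozenset({"payroll.edit", "payroll.approve"}),
]


def least_privilege_violations(roles, granted):
    """Privileges granted beyond the union of the user's role minimums."""
    needed = set()
    for role in roles:
        needed |= REQUIRED_BY_ROLE[role]
    return set(granted) - needed


def separation_of_duties_violations(granted):
    """Conflict pairs that are entirely held by this one user."""
    held = set(granted)
    return [pair for pair in SOD_CONFLICTS if pair <= held]


def review_user(roles, granted):
    """Run both checks and report them separately, since each principle
    can be violated without the other being violated."""
    return {
        "excess_privileges": least_privilege_violations(roles, granted),
        "sod_conflicts": separation_of_duties_violations(granted),
    }


if __name__ == "__main__":
    # Clerk given an extra HR privilege: least-privilege problem only.
    print(review_user(["payroll_clerk"],
                      {"payroll.read", "payroll.edit", "hr.read"}))
    # Clerk who is also an approver: every grant is justified by a role,
    # so least privilege passes, yet separation of duties fails.
    print(review_user(["payroll_clerk", "payroll_approver"],
                      {"payroll.read", "payroll.edit", "payroll.approve"}))
```

    The second case in the usage block is the one the question is getting at: every privilege is justified by a job the user holds, so a pure least-privilege review raises nothing, and only the separation-of-duties check catches that the user can subvert the process alone.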
  19. Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions?

    • Development/acquisition
    • Implementation
    • Operation/Maintenance
    • Initiation
    Explanation:

    The operation phase of an IT system is concerned with user authentication.

    Authentication is the process where a system establishes the validity of a transmission, message, or a means of verifying the eligibility of an individual, process, or machine to carry out a desired action, thereby ensuring that security is not compromised by an untrusted source.

    It is essential that adequate authentication be achieved in order to implement security policies and achieve security goals. Additionally, level of trust is always an issue when dealing with cross-domain interactions. The solution is to establish an authentication policy and apply it to cross-domain interactions as required.

    Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page 15).

  20. What can be defined as: "It confirms that users' needs have been met by the supplied solution"?

    • Accreditation
    • Certification
    • Assurance
    • Acceptance
    Explanation:

    Acceptance confirms that users’ needs have been met by the supplied solution. Verification and Validation informs Acceptance by establishing the evidence – set against acceptance criteria – to determine if the solution meets the users’ needs. Acceptance should also explicitly address any integration or interoperability requirements involving other equipment or systems. To enable acceptance every user and system requirement must have a ‘testable’ characteristic.

    Accreditation is the formal acceptance of security, adequacy, authorization for operation and acceptance of existing risk. Accreditation is the formal declaration by a Designated Approving Authority (DAA) that an IS is approved to operate in a particular security mode using a prescribed set of safeguards to an acceptable level of risk.

    Certification is the formal testing of security safeguards, and assurance is the degree of confidence that the implemented security measures work as intended. Certification is a comprehensive evaluation of the technical and nontechnical security features of an IS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security requirements.

    Assurance is the description of the measures taken during development and evaluation of the product to assure compliance with the claimed security functionality. For example, an evaluation may require that all source code is kept in a change management system, or that full functional testing is performed. The Common Criteria provides a catalogue of these, and the requirements may vary from one evaluation to the next. The requirements for particular targets or types of products are documented in the Security Targets (ST) and Protection Profiles (PP), respectively.

    Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 4, August 1999.

    and
    Official ISC2 Guide to the CISSP CBK, Second Edition, on page 211.
    and
    http://www.aof.mod.uk/aofcontent/tactical/randa/content/randaintroduction.htm
