This site is 100% ad supported. Please add an exception to adblock for this site.

CISSP Study 2


undefined, object
copy deck
No Read Up, No Write Down describes what Security Model
Bell LaPadula
Biba, Clark Wilson, and Non-Interference models cover what aspect of security
Execution and memory space assigned to each process is called a _______ _______
Protection Domain
The Boundary that separates the TCB from the rest of the system.
Security Perimeter
Programming technique used to encapsulate methods and data in an object
Information Hiding
System component that manages and enforces access controls on objects
Reference Monitor
Operates at the highest level of information classification where all users must have clearances for the highest level
System High mode
Lack of parameter checking leaves a system vulnerable to this type of attack
Buffer overflow
Also called a maintenance hook
Trap door
Attack that exploits difference in time when a security control is applied and a service is used
TOC/TOU attack
This recovery mode permits access by only privileged users from privileged terminals
Maintenance mode
Design where a component failure allows the system to continue to function
Design where a failure causes termination of processes to protect the system from compromise
Design where a failure causes non-critical processes to terminate, and system runs in a degraded state
Fail-soft or Resilient
Design where a failure causes the system to use backup spare components to compensate for failed ones
This standard includes levels of assurance, from D (Least secure) to A (Most secure)
TCSEC (Trusted Computer Security Evaluation Criteria)
TCSEC Minimal Protection (one class)
D (Minimal Protection)
TCSEC Discretionary Protection (two classes)
C1 (User logon, Groups allowed)
C2 (Individual Logon, password, auditing)
TCSEC Mandatory Protection (three classes)
B1 (MAC)
B2 (MAC with Trusted path and assurance)
B3 (MAC with proven mathematical model)
TCSEC Verified Protection (one class)
A1 (Mathematical model must be proven)
European counterpart to TCSEC
ITSEC (Information Technology Security Evaluation Criteria)
ITSEC separately evaluates ____ and _____
Functionality and Assurance
The ITSEC subject of an evaluation is called the ___ __ _____
Target of Evaluation (TOE)
Combination of ITSEC, TCSEC, and Canada's CTCPEC
Common Criteria
Unit of evaluations levels in the Common Criteria
Evaluation Assurance Level
4 Phases of DITSCAP and NIACAP accreditation
1. Definition
2. Verification
3. Validation
4. Post Accreditation
This Access Control model specifies the rights that a subject can transfer to an object, or that a subject can take from another subject.
Take-Grant model
TCSEC Level that addresses covert storage channels
TCSEC level that addresses both covert storage and timing channels
B3, A1
Consolidation of power should not be allowed in a secure system, this is called
Separation (or segregation) of duties
Two operators are needed to perform a function. This is called
Dual Control
Two operators review and approve each other's work. This is called
Two-man control
Operators are given varying assignments for a time period, then their assignment changes. This is called
Rotation of duties
This type of recovery is required for only B3 and A1 TCSEC levels
Trusted Recovery
Operating system loaded without the front-end security enabled, is only done in this mode
Single-user mode
Required tracking of changes to a system under B2, B3, and A1 is called
Configuation Management
This refers to the data left on media after erasure
Data Remanence
Separation of duties, least privilege, personnel security, configuration control, Record retention, are examples of what type of controls?
Administrative Controls
Software controls, media controls, hardware controls, physical access controls are examples of what type of controls?
Operations Controls
A weakness in a system which might be exploited
An event that can cause harm to a system and create a loss of C, I , A
Exposure Factor
Single Loss Expectancy
Annualized Rate of Occurence
Annualized Loss Expectancy

Deck Info