CISSP® Official Study Guide, Eighth Edition


Know details about each of the access control models



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Know details about each of the access control models. Know the access control models and their functions. The state machine model ensures that all instances of subjects accessing objects are secure. The information flow model is designed to prevent unauthorized, insecure, or restricted information flow. The noninterference model prevents the actions of one subject from affecting the system state or actions of another subject. The Take-Grant model dictates how rights can be passed from one subject to another or from a subject to an object. An access control matrix is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object. Bell-LaPadula subjects have a clearance level that allows them to access only those objects with the corresponding classification levels. This enforces confidentiality. Biba prevents subjects with lower security levels from writing to objects at higher security levels. Clark-Wilson is an integrity model that relies on auditing to ensure that unauthorized subjects cannot access objects and that authorized users access objects properly. Biba and Clark-Wilson enforce integrity. Goguen-Meseguer and Sutherland focus on integrity. Graham-Denning focuses on the secure creation and deletion of both subjects and objects.

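The access control matrix, Bell-LaPadula and Biba rules summarized above can be combined in one reference-monitor check. The following is an added example, not taken from the study guide; the subjects, objects, labels and the `decide` function are constructed for illustration, and the Bell-LaPadula "no write down" rule is the standard *-property, which the summary above does not spell out.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed confidentiality lattice for this example
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2

# Access control matrix: subject -> object -> permitted actions (constructed data)
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "audit.log": {"read"}},
    "bob":   {"payroll.db": {"read"}, "audit.log": {"read", "write"}},
}

# Bell-LaPadula labels: subject clearance and object classification
CLEARANCE = {"alice": Level.SECRET, "bob": Level.CONFIDENTIAL}
CLASSIFICATION = {"payroll.db": Level.SECRET, "audit.log": Level.CONFIDENTIAL}

# Biba labels: a higher number means higher integrity
SUBJECT_INTEGRITY = {"alice": 1, "bob": 2}
OBJECT_INTEGRITY = {"payroll.db": 2, "audit.log": 1}

def decide(subject, obj, action):
    """Return the checks that deny the request; an empty list means allowed."""
    if subject not in CLEARANCE or obj not in CLASSIFICATION:
        return ["unknown-subject-or-object"]  # default deny
    denials = []
    # Access control matrix: the action must be listed in the cell
    if action not in MATRIX.get(subject, {}).get(obj, set()):
        denials.append("matrix")
    # Bell-LaPadula (confidentiality): clearance must dominate for reads
    if action == "read" and CLEARANCE[subject] < CLASSIFICATION[obj]:
        denials.append("blp-no-read-up")
    # Bell-LaPadula *-property: no writing to a lower classification
    if action == "write" and CLEARANCE[subject] > CLASSIFICATION[obj]:
        denials.append("blp-no-write-down")
    # Biba (integrity): lower-integrity subjects cannot write up
    if action == "write" and SUBJECT_INTEGRITY[subject] < OBJECT_INTEGRITY[obj]:
        denials.append("biba-no-write-up")
    return denials

if __name__ == "__main__":
    for request in [("alice", "payroll.db", "write"), ("bob", "payroll.db", "read")]:
        print(request, decide(*request) or "allowed")
```

Note that alice's write to payroll.db is granted by the matrix yet denied by Biba, which shows why a discretionary matrix entry alone does not settle a request when mandatory labels are enforced.
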
Know the definitions of certification and accreditation. Certification is the technical evaluation of each part of a computer system to assess its concordance with security standards. Accreditation is the process of formal acceptance of a certified configuration from a designated authority.

Be able to describe open and closed systems. Open systems are designed using industry standards and are usually easy to integrate with other open systems. Closed systems are generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems.


Written Lab 
