CISSP® Official Study Guide Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Abstraction

Abstraction is used for efficiency. Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. Thus, the concept of abstraction is used when classifying objects or assigning roles to subjects. The concept of abstraction also includes the definition of object and subject types or of objects themselves (that is, a data structure used to define a template for a class of entities). Abstraction is used to define what types of data an object can contain, what types of functions can be performed on or by that object, and what capabilities that object has. Abstraction simplifies security by enabling you to assign security controls to a group of objects collected by type or function.

Data Hiding

Data hiding is exactly what it sounds like: preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible or seen by the subject. Forms of data hiding include keeping a database from being accessed by unauthorized visitors and restricting a subject at a lower classification level from accessing data at a higher classification level. Preventing an application from accessing hardware directly is also a form of data hiding. Data hiding is often a key element in security controls as well as in programming.

The term security through obscurity may seem relevant here. However, that concept is different. Data hiding is the act of intentionally positioning data so that it is not viewable or accessible to an unauthorized subject, while security through obscurity is the idea of not informing a subject about an object being present and thus hoping that the subject will not discover the object. Security through obscurity does not actually implement any form of protection. It is instead an attempt to hope something important is not discovered by keeping knowledge of it a secret. An example of security through obscurity is when a programmer is aware of a flaw in their software code, but they release the product anyway hoping that no one discovers the issue and exploits it.
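
The contrast between data hiding and security through obscurity, shown as an added example that is not part of the study guide. The class names, classification levels, and sample objects are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):  # constructed classification levels
    UNCLASSIFIED = 0
    SECRET = 2

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level

OBJECTS = {  # constructed sample data: name -> (label, content)
    "cafeteria-menu": (Level.UNCLASSIFIED, "soup"),
    "deployment-plan": (Level.SECRET, "plan text"),
}

class ObscureStore:
    """Security through obscurity: the object is only left out of the listing."""
    def __init__(self, objects, unlisted):
        self._objects, self._unlisted = dict(objects), set(unlisted)

    def list_names(self, subject):
        return sorted(n for n in self._objects if n not in self._unlisted)

    def read(self, subject, name):
        # No protection: any subject that learns the name gets the data.
        return self._objects[name][1]

class HidingStore:
    """Data hiding: every access is checked against the object's label."""
    def __init__(self, objects):
        self._objects = dict(objects)

    def list_names(self, subject):
        # Objects above the subject's clearance are not visible at all.
        return sorted(n for n, (lvl, _) in self._objects.items()
                      if lvl <= subject.clearance)

    def read(self, subject, name):
        entry = self._objects.get(name)
        # Same error for "absent" and "above clearance": existence is not leaked.
        if entry is None or entry[0] > subject.clearance:
            raise PermissionError("not accessible to this subject")
        return entry[1]
```

Both stores give a low-clearance subject the same listing; only `HidingStore` still refuses the read once the object's name is known.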


