2 cissp ® Official Study Guide Eighth Edition


Discretionary Security Protection (C1)



Download 19,3 Mb.
Pdf ko'rish
bet282/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   278   279   280   281   282   283   284   285   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Discretionary Security Protection (C1) 
A discretionary security protection system con-
trols access by user IDs and/or groups. Although there are some controls in place that 
limit object access, systems in this category provide only weak protection.
Controlled Access Protection (C2) 
Controlled access protection systems are stronger 
than C1 systems. Users must be identified individually to gain access to objects. C2 
systems must also enforce media cleansing. With media cleansing, any media that are 
reused by another user must first be thoroughly cleansed so that no remnant of the previ-
ous data remains available for inspection or use. Additionally, strict logon procedures 
must be enforced that restrict access for invalid or unauthorized users.

298
Chapter 8 

Principles of Security Models, Design, and Capabilities
Mandatory Protection (Categories B1, B2, B3) 
Mandatory protection systems provide 
more security controls than category C or D systems. More granularity of control is man-
dated, so security administrators can apply specifi c controls that allow only very limited 
sets of subject/object access. This category of systems is based on the Bell-LaPadula model. 
Mandatory access is based on security labels. 
Labeled Security (B1) 
In a labeled security system, each subject and each object has a 
security label. A B1 system grants access by matching up the subject and object labels 
and comparing their permission compatibility. B1 systems support suffi cient security to 
house classifi ed data. 
Structured Protection (B2) 
In addition to the requirement for security labels (as in 
B1 systems), B2 systems must ensure that no covert channels exist. Operator and administra-
tor functions are separated, and process isolation is maintained. B2 systems are suffi cient 
for classifi ed data that requires more security functionality than a B1 system can deliver. 

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   278   279   280   281   282   283   284   285   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish