CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Security Domains (B3)
Security domain systems provide more secure functionality by
further increasing the separation and isolation of unrelated processes. Administration
functions are clearly defined and separate from functions available to other users.
The focus of B3 systems shifts to simplicity to reduce any exposure to vulnerabilities in
unused or extra code. The secure state of B3 systems must also be addressed during the
initial boot process. B3 systems are difficult to attack successfully and provide sufficient
secure controls for very sensitive or secret data.
Verified Protection (Category A1)
Verified protection systems are similar to B3 systems
in the structure and controls they employ. The difference is in the development cycle. Each
phase of the development cycle is controlled using formal methods. Each phase of the
design is documented, evaluated, and verified before the next step is taken. This forces
extreme security consciousness during all steps of development and deployment and is the
only way to formally guarantee strong system security.
A verified design system starts with a design document that states how the resulting
system will satisfy the security policy. From there, each development step is evaluated in the
context of the security policy. Functionality is crucial, but assurance becomes more
important than in lower security categories. A1 systems represent the top level of security and are
designed to handle top-secret data. Every step is documented and verified, from the design
all the way through to delivery and installation.
Other Colors in the Rainbow Series
Altogether, there are nearly 30 titles in the collection of DoD documents that either add to
or further elaborate on the Orange Book. Although the colors don’t necessarily mean
anything, they’re used to identify publications in this series.
It is important to understand that most of the books in the rainbow series
are now outdated and have been replaced by updated standards,
guidelines, and directives. However, they are still included here for reference to
address any exam items.


Select Controls Based On Systems Security Requirements 
