WGU, Information Security and Assurance (C725), SET IV STUDY Questions and Answers (2022/2023) (Verified Answers)
3 keer bekeken 0 aankoop
Vak
WGU, Information Security and Assurance
Instelling
WGU, Information Security And Assurance
WGU, Information Security and Assurance (C725), SET IV STUDY Questions and Answers (2022/2023) (Verified Answers)
Part 1: Introduction and General Model
Part 2: CC Evaluation Methodology
Part 3: Extensions to the Methodology
Three parts of the Common Evaluation Methodology
This part of the C...
WGU, Information Security and Assurance (C725),
SET IV STUDY Questions and Answers (2022/2023)
(Verified Answers)
Part 1: Introduction and General Model
Part 2: CC Evaluation Methodology
Part 3: Extensions to the Methodology
Three parts of the Common Evaluation Methodology
This part of the CEM describes agreed-upon principles of evaluation and
introduces agreed-upon evaluation terminology dealing with the process of
evaluation.
Part 1: Introduction and General Model
This part of the CEM is based on CC Part 3 evaluator actions. It uses well-defined
assertions to refine CC Part 3 evaluator actions and tangible evaluator activities
to determine requirement compliance. In addition, it offers guidance to further
clarify the intent evaluator actions. This part provides for methodologies to
evaluate the following:
PPs
STs
EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
Components not included in an EAL
Part 2: CC Evaluation Methodology
This part of the CEM takes full advantage of the evaluation results. This part
includes topics such as guidance on the composition and content of evaluation
document deliverables.
Part 3: Extensions to the Methodology
Bell-LaPadula model
Biba integrity model
Clark and Wilson model
Noninterference model
State machine modelAccess matrix model
Information flow model
Security models that help evaluators determine if the implementation of a reference
monitor meets the design requirements
The two security models that were a major influence for the TCSEC and ITSEC,
Bell-LaPadula model and the Biba integrity model
, Formed in the 1970's, a formal security model that describes a set of access
control rules. A subjects access to an object is allowed or disallowed by
comparing the objects security classification with the subjects security
clearance. It is intended to preserve the principle of least privilege. It is a formal
description of allowable paths of information flow in a secure system and defines
security requirements for systems handling data at different sensitivity levels.
The model defines a secure state and access between subjects and objects in
accordance with specific security policy.
Bell-LaPadula Model
The Biba model covers integrity levels, which are analogs to the sensitivity levels
from the Bell-LaPadula model. Integrity levels cover inappropriate modification of
data and prevent unauthorized users from making modifications to resources and
data.
This security model uses a read-up, write-down approach. Subjects cannot read
objects of lesser integrity and cannot write to objects of higher integrity. Think of
CIA analysts and the information they need to perform their duties. Under this
model, an analyst with Top Secret clearance can see only information that's
labeled as Top Secret with respect to integrity (confirmed by multiple sources,
and so forth); likewise, this analyst can contribute information only at his or her
clearance level. People with higher clearances are not "poisoned" with data from
a lower level of integrity and cannot poison those with clearances higher than
theirs.
Biba Integrity Model
A security model that Proposes "well formed transactions." It requires
mathematical proof that steps are performed in order exactly as they are listed,
authenticates the individuals who perform the steps, and defines separation of
duties.
Clark and Wilson model
A security model that covers ways to prevent subjects operating in one domain
from affecting each other in violation of security policy.
Covers ways to prevent subjects operating in one domain from affecting each other in
violation of security policy.
A security model that acts as an abstract mathematical model consisting of state
variables and transition functions.
State machine mode
A security model that acts as a state machine model for a discretionary access
control environment.
Access matrix model
A security model that simplifies analysis of covert channels. A covert channel is a
communication channel that allows two cooperating processes of different
security levels (one higher than the other) to transfer information in a way that
violates a system's security policy.
Information flow model
Which of the following terms best describes the primary concern of the Biba
security model?
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper QUICKEXAMINER. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €11,88. Je zit daarna nergens aan vast.
