Exam 6: Security Management Models


Bell-LaPadula security rules prevent information from being moved from a level of higher security to a level of lower security.

(True/False)

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.

(True/False)

Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as a(n) ____.

(Multiple Choice)

____ controls cover security processes that are designed by the strategic planners and executed by security administrators.

(Multiple Choice)

One discretionary model is ____, in which access is granted based on a set of rules specified by the central authority.

(Multiple Choice)

Information Technology-Code of Practice for Information Security Management was originally published as British Standard BS7799.

(True/False)

One of the key elements of the Clark-Wilson model is the unconstrained data item, which is a data item with protected integrity. _________________________

(True/False)

To design a security blueprint, an organization can use a(n) ____________________, which is a generic blueprint offered by a service organization.

(Short Answer)

The personnel security ____________________ structure assigns each user of an information asset an authorization level that identifies the level of information classification he or she can access.

(Short Answer)

Providing information security for the information and information systems that support the operations and assets under their control is the primary responsibility of which group under the InfoSec governance framework?

(Multiple Choice)

The primary objective of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), a private-sector initiative formed in 1985, is to identify the factors that cause fraudulent financial reporting and to make recommendations to reduce its incidence. _________________________

(True/False)

Nondiscretionary controls can be based on roles or on a specified set of ____________________.

(Short Answer)

In an access control matrix, as part of lattice-based controls, the column of attributes associated with a particular object (such as a printer) is referred to as a(n) capability table. _________________________

(True/False)

Under the TCSEC model, the term ____ can be misleading - note that in this context, it means that components are part of the TCB security system, but it does not necessarily follow that they are all above reproach.

(Multiple Choice)

Within lattice-based access controls, the row of attributes associated with a particular subject (such as a user) is referred to as a capabilities table.

(True/False)

There are six access control methodologies categorized by their inherent characteristics. List and briefly define them.

(Essay)

A convenience store safe that can only be opened during store hours is an example of the ____________________ isolation access control.

(Short Answer)

Under the Common Criteria, ____ is the user-generated specifications for security requirements.

(Multiple Choice)

The ITSEC is the international set of criteria for evaluating computer systems and is very similar to the TCSEC. _________________________

(True/False)

Which of the following is the primary purpose of ISO/IEC 27001:2005?

(Multiple Choice)
Showing 61 - 80 of 120