Exam 6: Security Management Models


Under the Bell-LaPadula model, the ____ property prohibits a high-level subject from sending messages to a lower-level object. In short, subjects can read down and objects can write or append up.

(Multiple Choice)

Need to know limits a user's access to the specific information required to perform the currently assigned task, and not merely to the category of data required for a general work function. _________________________

(True/False)

Under ITSEC,what is the highest level of assessment a product can be rated?

(Multiple Choice)

Which of the following is NOT a change control principle of the Clark-Wilson model?

(Multiple Choice)

A(n) ____________________ is the outline of an information security blueprint.

(Short Answer)

ISO/IEC 27001's primary purpose is to enable organizations that adopt it to obtain ____________________, and thus the standard makes a better assessment tool than an implementation framework.

(Short Answer)

Operational controls cover security processes designed by strategic planners, are integrated into the organization's management practices and are routinely used by security administrators to design, implement and monitor other control systems. _________________________

(True/False)

When MACs are implemented,users and data owners have limited control over access to information resources.

(True/False)

The ____________________ integrity model is based on the premise that higher levels of integrity are more worthy of trust than lower ones, with the intent to provide access controls to ensure that objects or subjects cannot have less integrity as a result of read/write operations.

(Short Answer)

Which of the following is NOT a purpose of the ISO/IEC 17799 (later 27002) standard?

(Multiple Choice)

____________________-based access controls assign users a matrix of authorizations for particular areas of access, and contain subjects and objects, with the boundaries associated with each subject/object pair clearly demarcated.

(Short Answer)

The major process steps in the ISO 27000 series include Plan-Do-Check-Act.

(True/False)

Controls that remedy a circumstance or mitigate damage done during an incident are called ____.

(Multiple Choice)

A control requiring that significant tasks be split up in such a way that more than one individual is responsible for their completion is known as ____.

(Multiple Choice)

Management controls deal with the functions of security that have been integrated into the repeatable processes of the organization.

(True/False)

According to COSO, a(n) ____ is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives.

(Multiple Choice)

All security models discussed in the text are freely available to the public.

(True/False)

One discretionary model is ____________________-based access controls, in which access is granted based on a set of mandates specified by the central authority.

(Short Answer)

The ___ or Chinese Wall model is designed to prevent a conflict of interest between two parties.

(Multiple Choice)

The original purpose of ISO/IEC 17799 was to give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization. _________________________

(True/False)