Exam 8: Security Management Models

The information security principle that requires significant tasks to be split up so that more than one individual is required to complete them is called isolation of duties.

Which of the following is a generic blueprint offered by a service organization which must be flexible,scalable,robust,and detailed? 

ISO/IEC 27001 provides implementation details on how to implement ISO/IEC 27002 and how to set up a(n)____________________.

One approach used to categorize access control methodologies categorizes controls based on their operational impact on the organization. What are these categories as described by NIST?

​A security ​monitor is a conceptual piece of the system within the trusted computer base that manages access controls-in other words,it mediates all access to objects by subjects.

In a lattice-based access control,a restriction table is the row of attributes associated with a particular subject (such as a user).​

Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones.

Controls implemented at the discretion or option of the data user.

Ratings of the security level for a specified collection of information (or user)within a mandatory access control scheme.

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec,and was created by ISACA and the IT Governance Institute? 

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.

To design a security program,an organization can use a(n)____________________,which is a generic outline of the more thorough and organization-specific blueprint offered by a service organization.

What are the two primary access modes of the Bell-LaPadula model and what do they restrict?

Under the Common Criteria,which term describes the user-generated specifications for security requirements? 

Requires that significant tasks be split up in such a way that more than one individual is responsible for their completion.

In information security,a specification of a model to be followed during the design, selection,and initial and ongoing implementation of all subsequent security controls is known as a blueprint.

Within TCSEC,the combination of all hardware,firmware,and software responsible for enforcing the security policy.

Which of the following is NOT one of the three levels in the U.S.military data classification scheme for National Security Information? 

Which of the following is NOT a change control principle of the Clark-Wilson model? 

Lattice-based access control specifies the level of access each subject has to each object,if any.