CISSP Security Architecture and Design - Domain 6 Flashcards
Security Definitions - Framework
A defined approach to the process used to achieve the goals of an architecture, based on policy, and reflecting the requirements and expectations of the various stakeholders.
Security Definitions - Blueprint
The functional definition for the integration and development of technology infrastructure into the business process.
ISO/IEC 27001
1. General requirements of the ISMS 2. Management responsibility 3. Internal ISMS audits 4. Management review of the ISMS 5. ISMS improvement
ISO/IEC 27002
1. Security policy 2. Organization of information security 3. Asset management 4. Human resources security 5. Physical and environmental security 6. Communications and operations management 7. Access control 8. IS acquisition, development and maintenance 9. IS incident management 10. Business continuity management 11. Compliance
Control Objectives for Information and related Technology - COBIT
An IT management framework.
Dedicated Security Mode
1. Cannot separate compartments or categories. 2. All users have need-to-know access to all data.
Compartmented Security Mode
When all users have the clearance to access all the information processed by the system, but might not have the need to know.
Lattice based Access Control
1. Every pair of elements (subject and object) has a partially ordered set with a greatest lower bound and least upper bound of access rights. 2. Bounds can be confidentiality levels (classifications and clearances) or integrity levels.
Non-Interference Model for Access Control
1. Based on a theory where the users are separated into different domains. 2. Uses a state machine approach that keeps track of which actions are allowed for which users. 3. Users' actions in one domain cannot affect or interfere with users in other domains. 4. A subject cannot be influenced by the behavior of other subjects at higher security levels.
Information Flow model - Access Control
1. Each input induces a state transition and a specific output. 2. Restricts information from flowing in ways that would go against the security policy.
Bell-LaPadula Security Model (Confidentiality)
1. Formal state transition model that divides entities into subjects and objects. 2. The model outlines how to keep a secure state in every transaction by only allowing subjects certain access rights. 3. The clearance of the subject attempting to access an object is compared with that object's classification. 4. The clearance/classification scheme is expressed in terms of a lattice.
Biba Security Model - Integrity (read up write down)
1. No subject can depend on a less trusted object. 2. Based on a hierarchical lattice of integrity levels.
Biba Security Model - Rules (read up write down)
1. Subject cannot write data to an object at a higher integrity level. 2. Subject cannot read data from an object at a lower integrity level.
Clark-Wilson Security Model (Integrity)
1. Well-formed transactions: constraints on users to ensure the internal consistency of data is not affected. 2. Separation of duties: ensures the consistency of data. 3. This model partitions objects into programs and data. 4. Access triple: a subject must go through a program to access and modify data.
Clark-Wilson Security Model - 3 Integrity Goals
1. Prevents unauthorized users from making modifications. 2. Prevents authorized users from making improper modifications. 3. Maintains internal and external consistency.
Brewer and Nash Security Model (Chinese Wall)
1. Mathematical theory used to implement dynamically changing access permissions. 2. Defines a wall and develops a set of rules that ensure no subject accesses objects on the other side of the wall. 3. Individuals are only allowed to access data that is not in conflict with data they accessed previously. 4. A way of separating competitors' data within the same database. 5. Tries to ensure that users do not make fraudulent modifications to objects.
Graham-Denning Security Model
Primarily concerned with how subjects and objects are created, how subjects are assigned rights and privileges, and how ownership of objects is managed. Think MS permissions.
Evaluation of Security Products
1. Helps vendors develop a product to meet the market's demand. 2. A third party verifies the security mechanisms and claimed protection in products. 3. Provides a common metric to understand and talk about the protection provided in products. 4. A "grading" system.
Security Product evaluations
1. Degree of independence of the evaluation team is crucial. 2. Evaluation criteria need to reflect security features. 3. Accreditation is environment- and system-specific. 4. Balance of risk and benefits.
Security evaluations - Evaluation standards
1. Trusted Computer System Evaluation Criteria (TCSEC) 2. Information Technology Security Evaluation Criteria (ITSEC) 3. ISO/IEC 15408 Common Criteria
TCSEC
1. Developed by the National Computer Security Center for the DoD. 2. Based on the Bell-LaPadula model. 3. Rainbow Series.
Rainbow Series (TCSEC)
1. Orange Book - rates operating systems (standalone). 2. Red Book - Trusted Network Interpretation of the TCSEC.
TCSEC Breakdown
1. Addresses confidentiality only. 2. Functionality and assurance of the security mechanisms are not evaluated separately but combined and rated as a whole system. 3. Graded classification of systems divided into hierarchical divisions of security levels: A is greater than B (B1 to B3, MAC), which is greater than C (DAC), which is greater than D (minimal protection). Each higher level is inclusive of all the levels below.
TCSEC Levels C1- Discretionary Security Protection
1. Separation of users and data. 2. Cooperating users processing data at the same sensitivity level.
TCSEC Levels C2 - Controlled Access Protection
1. Object reuse. 2. Protected audit trail.
TCSEC Levels B1 - Labeled security protection
1. Labels and MAC. 2. Process isolation in system architecture. 3. Design specifications and verification. 4. Device labels.
TCSEC Levels B2 - Structured Protection
1. Device labels and subject sensitivity labels. 2. Trusted path. 3. Separation of operator and administrator functions. 4. Covert channel analysis.
TCSEC Level B3 - Security Domains
1. Security administrator role defined. 2. Trusted recovery. 3. Monitor events and notify security personnel.
TCSEC Level A1 - Verified Design
Formal Methods
ITSEC
1. Developed in Europe to establish one standard for evaluating the security of systems. 2. Evaluates functionality and assurance separately. 3. F1-F10 ratings for functionality. 4. E0-E6 ratings for assurance; assurance is a measurement of correctness and a judgement of the effectiveness of the security functionality, and provides confidence.
Common Criteria
1. ISO/IEC 15408. 2. The Rainbow Series was too rigid and did not take many things into account. 3. ITSEC provided more flexibility, but its attempts added more complexity. 4. Made up from the TCSEC, ITSEC, the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), and the Federal Criteria.
Common Criteria Components
1. Protection Profile - description of the needed security solution. 2. Target of Evaluation - product proposed to provide the needed security solution. 3. Security Target - written by the vendor, explains the security functionality and assurance mechanisms that meet the needed security solution. 4. Packages - Evaluation Assurance Levels (EAL): security requirements are bundled into packages for reuse, and each package describes what must be met to achieve a specific EAL rating.
EAL 1
Functionally Tested
EAL 2
Structurally Tested
EAL 3
Methodically tested and checked
EAL 4 - most often used
Methodically designed, tested and reviewed
EAL 5
Semi-formally designed and tested
EAL 6
Semi-formally verified design and tested
EAL 7
Formally verified design and tested