Summary: Youtube: Cissp Exam Cram: Models, Processes, And Frameworks

Study material generic cover image
  • This + 400k other summaries
  • A unique study and practice tool
  • Never study anything twice again
  • Get the grades you hope for
  • 100% sure, 100% understanding
Use this summary
Remember faster, study better. Scientifically proven.
Trustpilot Logo
PLEASE KNOW!!! There are just 54 flashcards and notes available for this material. This summary might not be complete. Please search similar or other summaries.

Read the summary and the most important questions on Youtube: CISSP Exam Cram: Models, Processes, and Frameworks

  • 1 Domain 1: Security and Risk Management

  • 1.3 Threat Modeling

    This is a preview. There are 10 more flashcards available for chapter 1.3
    Show more cards here

  • Welk Threat Model is open source en focut op "acceptable" risk voor stakeholders?

    TRIKE
  • 3 Domain 3: Security Architecture and Engineering

  • 3.1 TSCEC, ITSEC, and Common Criteria

    This is a preview. There are 1 more flashcards available for chapter 3.1
    Show more cards here

  • What evaluation criteria is: A structured set of criteria for evaluating computer security within products and systems.

    TCSEC (Trusted Computer System Evaluation Criteria)
  • What evaluation criteria is:  enables an objective evaluation to validate that a particular product or system satisfies a defined set of security requirements.

    Common Criteria (ISO-IEC 15048)

    Common Criteria Has replaced ITCSEC and ITSEC!
  • What evaluation criteria is: It represents an initial attempt to create security evaluation criteria in Europe. It uses two scales to rate functionality and assurance.

    ITSEC (Information Technology Security Evaluation Criteria)
  • 3.3 Security Models

  • What is the purpose of a Security Model?

    Provides a way for designers to map abstract statements into a security policy:
    • Determine how security will be implemented, what subjects can access the system, and what objects they will have access to.
  • What are the properties of Security Models?


    • Simple security property: Describes rules for read
    • Star * security property: Describes rules for write
    • Invocation property: Rules around invocations (calls), such as to subjects
  • What Security Models are about Integrity?


    • Biba
      State machine model (SMM)
    • Clark-Wilson
      Access control triple
    • Goguen-Meseguer
      THE noninterference model
    • Sutherland
      preventing interference (information flow and SMM)
  • What Security Models are about Confidentiality?

    • Bell-LaPadula -> government (DoD)
      No read up, no write down
    • Brewer and Nash
      aka “Chinese Wall”
    • Take Grant
      Employs a “directed graph” 
  • What is the definition of a State Machine Model?

    • Describes a system that is always secure no matter what state it is in.
    • Based on the computer science definition of a finite state machine (FSM).
    • A state is a snapshot of a system at a specific moment in time. All state transitions must be evaluated.
    • If each possible state transition results in another secure state, the system can be called a secure state machine.
  • What is the definition of an Information Flow Model?


    • Focuses on the flow of information
    • Information flow models are based on a state machine model
    • Biba and Bell-LaPadula are both information flow models
    • Bell-LaPadula preventing information flow from a high security level to a low security level
    • Biba focuses on flow from low to high security level
PLEASE KNOW!!! There are just 54 flashcards and notes available for this material. This summary might not be complete. Please search similar or other summaries.

To read further, please click:

Read the full summary
This summary +380.000 other summaries A unique study tool A rehearsal system for this summary Studycoaching with videos
  • Higher grades + faster learning
  • Never study anything twice
  • 100% sure, 100% understanding
Discover Study Smart