Summary: YouTube: CISSP Exam Cram: Models, Processes, and Frameworks

PLEASE KNOW!!! There are just 54 flashcards and notes available for this material. This summary might not be complete. Please search similar or other summaries.

Read the summary and the most important questions on YouTube: CISSP Exam Cram: Models, Processes, and Frameworks

  • 1 Domain 1: Security and Risk Management

  • 1.3 Threat Modeling


  • Which threat model is open source and focuses on "acceptable" risk for stakeholders?

    TRIKE
  • 3 Domain 3: Security Architecture and Engineering

  • 3.1 TCSEC, ITSEC, and Common Criteria


  • Which evaluation criteria is described: a structured set of criteria for evaluating computer security within products and systems?

    TCSEC (Trusted Computer System Evaluation Criteria)
  • Which evaluation criteria is described: it enables an objective evaluation to validate that a particular product or system satisfies a defined set of security requirements?

    Common Criteria (ISO-IEC 15048)

    Common Criteria has replaced TCSEC and ITSEC!
  • Which evaluation criteria is described: it represents an initial attempt to create security evaluation criteria in Europe and uses two scales to rate functionality and assurance?

    ITSEC (Information Technology Security Evaluation Criteria)
  • 3.3 Security Models

  • What is the purpose of a Security Model?

    Provides a way for designers to map abstract statements into a security policy:
    • Determine how security will be implemented, what subjects can access the system, and what objects they will have access to.
  • What are the properties of Security Models?

    • Simple security property: Describes rules for read
    • Star * security property: Describes rules for write
    • Invocation property: Rules around invocations (calls), such as to subjects
  • What Security Models are about Integrity?

    • Biba
      State machine model (SMM)
    • Clark-Wilson
      Access control triple
    • Goguen-Meseguer
      THE noninterference model
    • Sutherland
      preventing interference (information flow and SMM)
  • What Security Models are about Confidentiality?

    • Bell-LaPadula -> government (DoD)
      No read up, no write down
    • Brewer and Nash
      aka “Chinese Wall”
    • Take Grant
      Employs a “directed graph”
  • What is the definition of a State Machine Model?

    • Describes a system that is always secure no matter what state it is in.
    • Based on the computer science definition of a finite state machine (FSM).
    • A state is a snapshot of a system at a specific moment in time. All state transitions must be evaluated.
    • If each possible state transition results in another secure state, the system can be called a secure state machine.
  • What is the definition of an Information Flow Model?

    • Focuses on the flow of information
    • Information flow models are based on a state machine model
    • Biba and Bell-LaPadula are both information flow models
    • Bell-LaPadula prevents information flow from a high security level to a low security level
    • Biba focuses on flow from low to high security level