הכנה למבחן בניהול אבטחת מידע

A multi-level security system is a class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and needs-to-know, but prevents users from obtaining access to information for which they lack authorization.

A TCB is defined as the totality of protection mechanisms within a computer system, including hardware, firmware, software, processes, and some inter-process communications; and when combined are responsible for ensuring a security policy.

Calling applications must be checked to ensure they do not attempt to exploit the ODBC drivers and gain elevated system access.

One approach for Internet access is to create a “tiered” application approach that manages data in layers. There can be any number of layers; however, the most typical architecture is to use a three-tier approach: presentation layer, business logic layer, and the data layer. This is sometimes referred to as the Internet Computing Model because the browser is used to connect to an application server that then connects to a database.

Included in preventive controls are physical, administrative, and technical measures intended to preclude actions violating policy or increasing risk to system resources.

Recovery controls are necessary to restore the system or operation to a normal operating state. Answer a is more correctly a corrective control.

Privileged users must be subject to periodic recertification to maintain the broad level of privileges that have been assigned to them

Ideally, controls must be transparent to users within the resource protection schema.

The classes of failures that have been identified in the Trusted Recovery Guide by the National Computer Security Center include: statetransition (action) failures, trusted computing base failures, media failures, and discontinuity of operation. Note that a buffer overflow may be a state transition type of failure, but the reader should know these terms and what they apply to.