Re: [CCCure CISSP] CISSPstudy Digest, Vol 66, Issue 2


Maxwel Kendagor
I concur with Nandj. You have expounded it clearly. Kudos.

rgds,

Maxwel


On Tue, Dec 17, 2013 at 8:06 AM, <[hidden email]> wrote:
Send CISSPstudy mailing list submissions to
        [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
        http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
        [hidden email]

You can reach the person managing the list at
        [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CISSPstudy digest..."


Today's Topics:

   1. Security model question (abid James)
   2. Who needs to send the endorsement form to ISC2 -  candidate or
      the endorser? (Amlan Deb)
   3. Re: Who needs to send the endorsement form to ISC2 -
      candidate or the endorser? (Clement Dupuis)
   4. Re: question on chapter 6 of Shon Harris's 6th edition (SB2013)
   5. Re: Security model question (Nandkumar Jiwade)


----------------------------------------------------------------------

Message: 1
Date: Mon, 16 Dec 2013 23:48:47 +0530
From: abid James <[hidden email]>
To: "[hidden email]" <[hidden email]>
Subject: [CCCure CISSP] Security model question
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="iso-8859-1"

The Newark police maintain a database of addresses of convicted sex offenders
supplied by the country courthouse. They also maintain two other databases of the
resident addresses supplied by the country voter registration department and those collected at local hospital, but computer controls are in place that override the updating of the sex offender addresses based on these records.
What security model is being used?

1) bell-lapadula
2) biba
3) clark-wilson
4) non-interference

Can anyone explain the question? I find difficulty in answering this question.

regards
sameer


------------------------------

Message: 2
Date: Mon, 16 Dec 2013 10:34:44 -0800 (PST)
From: Amlan Deb <[hidden email]>
To: The CISSP Study Mailing list <[hidden email]>
Subject: [CCCure CISSP] Who needs to send the endorsement form to ISC2
        -       candidate or the endorser?
Message-ID:
        <[hidden email]>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

Does the endorser have to send the completed form + candidate CV to ISC2 or does the candidate have to do so after getting the form attested and signed by the endorser?

Or does it not matter who sends it to ISC2 as long as the form is completed and signed by both the parties?

Thanks,
Amlan

------------------------------

Message: 3
Date: Mon, 16 Dec 2013 13:48:17 -0500
From: Clement Dupuis <[hidden email]>
To: Amlan Deb <[hidden email]>,         The CISSP Study Mailing list
        <[hidden email]>
Subject: Re: [CCCure CISSP] Who needs to send the endorsement form to
        ISC2 - candidate or the endorser?
Message-ID:
        <CALR7dM28F2Bk+e6H4vhkMK9rYz+i=[hidden email]>
Content-Type: text/plain; charset="iso-8859-1"

Good day Amlan,

It can be either.  It does not matter.

Best regards

Clement


Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +703 535 8600
Mobile: +1 407 433 6444

Email: [hidden email]

Web: www.secureninja.com


901 N. Pitt Street, Suite 105
Alexandria, VA  22314


In Cyberspace:

[hidden email]
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Maintainer of :

The CCCure Quiz Engine
https://www.freepracticetests.org/quiz/index.php?page=home

The CCCure Family of Portals
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org/

Knowledge sharing and giving back to the community

-------------------------------------------------------------------------------------------------------
>>  Call me to get the best CISSP, Security+, or other Security related
training  <<
-------------------------------------------------------------------------------------------------------


On Mon, Dec 16, 2013 at 1:34 PM, Amlan Deb <[hidden email]> wrote:

> Hi,
>
> Does the endorser have to send the completed form + candidate CV to ISC2
> or does the candidate have to do so after getting the form attested and
> signed by the endorser?
>
> Or does it not matter who sends it to ISC2 as long as the form is
> completed and signed by both the parties?
>
> Thanks,
> Amlan
>
> _______________________________________________
> You can find the list archive at:
> http://cissp-study.3965.n7.nabble.com/
>
> CISSPstudy mailing list
> [hidden email]
>
> To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>

------------------------------

Message: 4
Date: Mon, 16 Dec 2013 19:01:23 -0800 (PST)
From: SB2013 <[hidden email]>
To: [hidden email]
Subject: Re: [CCCure CISSP] question on chapter 6 of Shon Harris's 6th
        edition
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=us-ascii

Thank you Doug and Eoin for your responses.

I am in more agreement with Eoin's response given the context of the chapter
on WAN.

Many thanks.

SB2013



--
View this message in context: http://cissp-study.3965.n7.nabble.com/question-on-chapter-6-of-Shon-Harris-s-6th-edition-tp500p516.html
Sent from the CISSP_Study mailing list archive at Nabble.com.



------------------------------

Message: 5
Date: Tue, 17 Dec 2013 10:36:15 +0530
From: Nandkumar Jiwade <[hidden email]>
To: The CISSP Study Mailing list <[hidden email]>
Subject: Re: [CCCure CISSP] Security model question
Message-ID:
        <[hidden email]>
Content-Type: text/plain; charset="windows-1252"

Ans:- *Clark-Wilson Model*.

It uses the following elements:

- *Users*: Active agents
- *Transformation procedures (TPs)*: Programmed abstract operations, such as
  read, write, and modify
- *Constrained data items (CDIs)*: Can be manipulated only by TPs
- *Unconstrained data items (UDIs)*: Can be manipulated by users via primitive
  read and write operations
- *Integrity verification procedures (IVPs)*: Check the consistency of CDIs
  with external reality

When an application uses the Clark-Wilson model, it separates data into one
subset that needs to be highly protected, which is referred to as a
constrained data item (CDI), and another subset that does not require a
high level of protection, which is called an unconstrained data item (UDI).
Users cannot modify critical data (CDI) directly. Instead, the subject
(user) must be authenticated to a piece of software, and the software
procedures (TPs) will carry out the operations on behalf of the user. For
example, when Kathy needs to update information held within her company's
database, she will not be allowed to do so without a piece of software
controlling these activities. First, Kathy must authenticate to a program,
which is acting as a front end for the database, and then the program will
control what Kathy can and cannot do to the information in the database.
This is referred to as *access triple*: subject (user), program (TP), and
object (CDI). A user cannot modify CDI without using a TP. So, Kathy is
going to input data, which is supposed to overwrite some original data in
the database. The software (TP) has to make sure this type of activity is
secure and will carry out the write procedures for Kathy. Kathy (and any
type of subject) is not trusted enough to manipulate objects directly.
(SH-AIO-6thEd.)

Eliminating options:

1] BLP: confidentiality model, as the question in the scenario is related to
updating of records.

2] Biba and the Bell-LaPadula model use a lattice of security levels (top
secret, secret, sensitive, and so on). These security levels were developed
mainly to ensure that sensitive data were only available to authorized
individuals.

4] Non-Interference: The non-interference model is all about preventing
covert channels through shared resources or inference attacks.



Regds,

Nandj



On Mon, Dec 16, 2013 at 11:48 PM, abid James <
[hidden email]> wrote:

> The Newark police maintain a database of addresses of convicted sex
> offenders supplied by the country courthouse. They also maintain two other
> databases of the resident addresses supplied by the country voter
> registration department and those collected at local hospital, but computer
> controls are in place that override the updating of the sex offender
> addresses based on these records.
> What security model is being used?
>
> 1) bell-lapadula
> 2) biba
> 3) clark-wilson
> 4) non-interference
>
> Can anyone explain the question? I find difficulty in answering this
> question.
>
> regards
> sameer
>
>
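
A minimal model of the Clark-Wilson enforcement described in the answer above, applied to the registry scenario from the question (an added example, not part of the original thread). The class, the user names (`clerk`, `nurse`), the feed names and the addresses are constructed assumptions.

```python
class IntegrityViolation(Exception):
    """A request that falls outside the certified access triples."""

class OffenderRegistry:
    CDI = "offender_addresses"
    TP = "tp_update_offender"

    def __init__(self, courthouse):
        # The courthouse feed is the authoritative source ("external reality").
        # The voter and hospital tables are UDIs: plain writes are allowed.
        self.feeds = {"courthouse": courthouse, "voter": {}, "hospital": {}}
        self._cdi = dict(courthouse)  # constrained data item, TP-only
        # Constructed sample policy: the allowed (user, TP, CDI) triples.
        self.triples = {("clerk", self.TP, self.CDI)}
        self.audit = []  # record of every TP run that changed the CDI

    def write_udi(self, feed, person, address):
        if feed == "courthouse":
            raise IntegrityViolation("courthouse feed is not a UDI")
        self.feeds[feed][person] = address

    def tp_update_offender(self, user, feed, person):
        if (user, self.TP, self.CDI) not in self.triples:
            raise IntegrityViolation(f"{user} holds no triple for {self.TP}")
        if feed != "courthouse":
            raise IntegrityViolation(f"{feed} records may not update the CDI")
        self._cdi[person] = self.feeds["courthouse"][person]
        self.audit.append((user, self.TP, person))

    def read_offender(self, person):
        return self._cdi[person]

    def ivp(self):
        return self._cdi == self.feeds["courthouse"]  # IVP: CDI matches court

def demo():
    court = {"registrant-1": "12 Court St"}  # constructed sample data
    reg = OffenderRegistry(court)
    reg.write_udi("voter", "registrant-1", "99 Voter Ave")  # UDI write succeeds
    court["registrant-1"] = "7 New Rd"  # courthouse issues a new address
    stale = reg.ivp()  # False: CDI no longer matches external reality
    outcomes = []
    for user, feed in [("clerk", "voter"), ("nurse", "courthouse"), ("clerk", "courthouse")]:
        try:
            reg.tp_update_offender(user, feed, "registrant-1")
            outcomes.append("ok")
        except IntegrityViolation:
            outcomes.append("denied")
    return outcomes, reg.read_offender("registrant-1"), stale, reg.ivp()
```

The voter-sourced update and the update by a user without a triple are both refused; only the certified user running the TP against the courthouse feed changes the CDI, after which the IVP passes again.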

------------------------------


End of CISSPstudy Digest, Vol 66, Issue 2
*****************************************

