13-6

Question 1

this is a document created by a user that identifies user security requirements

Answer 1

protection profile

Question 2

this is a document created by the developer of a particular system that identifies the security capabilities of a particular product

Answer 2

security target

Question 3

specify individuals security functions that a particular product should provide

Answer 3

security functional requirements

Question 4

describe what measures are taken during the development of a product to ensure that it actually complied with the security functionality

Answer 4

security assurance requirements

Question 5

this is a formal security model that describes various access control rules . one of the earliest computer security models. developed by Bell and Lapadula in 73. designed to enforce access control in gove and military applications

Answer 5

Bell - Lapadula Model

Question 6

a system is secure if and only if the state is a secure state and all state transitions are secure, then every subsequent state will also be secure , no matter what inputs occur

Answer 6

Bell Lapadula Model basic security theorum

Question 7

this model divides a system into a series of subjects and objects

Answer 7

bell lapadula model

Question 8

a ____ is any entity that is attempting to access a system or date. it usually refers to an application or system that is attempting to access a system or data.

Answer 8

subject

Question 9

4 clasification types

Answer 9

unclassified, classified, secret, top secret

Question 10

this means that a subject can read an object only if the security level of the subject is higher that or equal to the security of the object

Answer 10

simple security property or ss property

Question 11

a subject can write an object only if the security level of the object is higher than or equal to the security level of the subject.

Answer 11

• propert

Question 12

this is an older model established in 1977. similar to bell lapadula and also uses subuect and objects. it controls object modification

Answer 12

Biba Integrity Model

Question 13

this model comes in three parts. a subject cannot execute objects that have lower level of iegrity than the subject. a subject cannot modify objects that have a higher level of integrity. a subject may not request service that have a hgier integrity level.

Answer 13

Biba Integrity Modle

Question 14

published in1987, like the Bel Alpadula model its a subject object model. it introduces programs.

Answer 14

clark wilson model

Question 15

the 2 primary elements for achieving data integrity for this model is a well formed transaction and separation of duties.

Answer 15

clark wilson model

Question 16

the ____________ looks a s systems transition from one state to another. start with capoturing the current state of the system. a capture is performed again later and compared to the first to determine if a violation ahs been made

Answer 16

State Machine Model

Question 17

the 4 things to eveluate in the state machine model

Answer 17

users, states, commands, output

Question 18

was passed as part of the American Recoveries and reinvestment act of 2009. makes several modifications to Hippa

Answer 18

HITECH