Rand,
Try going through Doug's great response again until you can pass his
little "test" at the end. ALL of the terms are confusing until you
really buy into their distinctions. Think about the general uses of the
terms "threat," "vulnerability," and "risk," and how they're hard for
people without risk-management experience to distinguish *clearly*--but
the distinctions mean a lot to *you.* The same thing here...
You want "Classified" and "Top Secret" to be the extent of the puzzle,
but that is just a hierarchical component of the label--the security
level. Everyone with a SECRET clearance is not allowed to see ALL
SECRET information! Think of it this way: You have a personal
secret--about finance, for example. Let's call the "level" something
like "YOUR SECRET." Now assume that you then share that secret with two
people you trust to not spread that secret. Those people have
compartmented information at "YOUR SECRET" level. If you have another
secret (let's say this is about your love life) and you tell that to two
people--and one of those people is in the group of two people who know
your first secret, you have another compartment. If you were to print
paper labels to stick to the information in their heads you could label
the information "YOUR SECRET" *and* "finance," while the other is "YOUR
SECRET" *and* "Love." The labels tell how sensitive it is, and *also*
what group has access (the people with whom you share finance
information versus the group with which you share your Don Juan side).
If the people whom you have trusted with your information don't respect
the "compartments" they will share information with each other. If they
don't respect the "level" then they will share the information with
*anyone*.
In this case of personal information it is only one person who will get
information that you didn't want to get out--the one who wasn't in both
"compartments." Now think of national-level classified information! If
all classified information at the SECRET level was stored on one big
system with NO compartmentalization then one bad apple accessing a
system could make quite a mess!!!
Keep plugging away...
--Fritz
Rand wrote:
Still confuses the heck out of me.I think the terms themselves are to
blame. "System-high", "Compartmentalized" are just more terms to
comprehend, but in reality, using "Classified" or "Top Secret", etc.
will work just as well. Hence, saying someone has "system-high" status
can be put in this manner: this person has "full clearance" to all
systems... It's just semantics as far as I'm concerned. Let's hear some
more enlightening opinions from experienced CISSP's. I'm still a grunt...
Thanx,
Rand
On 5/15/05, Doug Landoll <dlandoll@veridyn.com
<mailto:dlandoll@veridyn.com>> wrote:
I believe some clarification is in order. To understand these
definitions you must clearly understand security labels and levels.
This is something most all CISSP books and classes gloss over. A
short tutorial follows:
1) a security LABEL is composed of both a level and a compartment
(sometimes called category or formal need to know).
a) the level is the hierarchical part of the label. i.e., Top
Secret > Secret > Confidential > Unclassified
b) the compartment is the non-hierarchical part of the label.
i.e., "Project Alpha", "Project Beta" these are simply members of
the compartment "set" and each person is either 'read onto the
program' or not. If you have been determined to have formal need to
know for "Project Alpha" information then you are read onto that
program.
c) The security label will then look like this Level:Compartment.
ie. Top Secret - Project Alpha, Secret, etc.
[That is a rather quick overview - if you still need help look up
the terms "dominance" and "non-comparable" labels.
2) When systems are deployed with sensitive information and those
systems are accessed by personnel with or without clearances, there
is a level of risk in these systems based on the difference between
the lowest cleared user and the most sensitive information. For
example, a system with SECRET cleared users and SECRET information
(no categories) is a low risk system, wereas a system with SECRET
information and UNCLASSIFIED users is a higher risk system.
3) The US Government has names for the different levels of risk in
systems based on the difference between the lowest cleared user and
the most sensitive information. These are defined as
a) System High (everybody is cleared for everything - not even
DAC-based NTK).
b) Dedicated (everybody is cleared for all labeled information,
but DAC controls are required - think personal records)
c) Compartmented Mode (everybody is cleared to the highest LEVEL
but may not have been read onto all categories - this means that MAC-
level enforcement is required. This is a big deal since many OSs do
not have MAC-based access control).
d) Multi-level System (not everybody has been cleared to the
highest LEVEL. This also means MAC control is required but there is
a higher risk. For example, there could be SECRET users and TOP
SECRET information.)
You have mastered this concept when you clearly understand the
following:
- difference between a label and a level and a compartment
- hierarchical vs. non-hierarchical
- domination, non-comparable labels
- NTK vs. Formal NTK
Good Luck,
Doug Landoll, CISSP, CISA
President, Veridyn Inc.
(512) 310-2228
--- In CISSP-Discuss@yahoogroups.com
<mailto:CISSP-Discuss@yahoogroups.com>, "Dave Sims" < davesims2@c...>
wrote:
I think your definitions are slightly skewed.
Compartmentalized security is based on need to know "Regardless"
of security level. An example might be My security rating is higher
than yours, but I am not allowed access to information stored in
your compartment because I don't work on that project, or need to
know about it.
Using need to know in system-high is somewhat confusing. System-
high mode is more a certification of the system, than the user.
This is another definition I Googled for you.
system high mode: [An] information system (IS) security mode of
operation wherein each user, with direct or indirect access to the
information system (IS), its peripherals, remote terminals, or
remote hosts, has all of the following: (a) valid security clearance
for all information within an IS; (b) formal access approval and
signed nondisclosure agreements for all the information stored
and/or processed (including all compartments, subcompartments and/or
special access programs); and (c) valid need-to-know for some of the
information contained within the IS. [INFOSEC-99]
Meaning to me that the system meets System-high parameters, and
you could still have compartmentalized security. I am not
absolutely certain on this and would welcome some more guidance from
someone else on the list.
Thanks
Dave
------------------------------------------------------------------------
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/>.
--
----------------------
Rand
~~~~~~~~~~~
Four wheels move the body. Two wheels move the soul.
------------------------------------------------------------------------
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/>.
__________ NOD32 1.992 (20050205) Information __________
This message was checked by NOD32 antivirus system.
http://www.nod32.com
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
<*> To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
