This is why I subscribe to this list--a superb discussion on symmetric key
and authentication. Thanks!
Tom Falter, CISSP
-----Original Message-----
From: CISSP-Discuss@yahoogroups.com
[mailto:CISSP-Discuss@yahoogroups.com]
Sent: Friday, May 20, 2005 10:35 AM
To: CISSP-Discuss@yahoogroups.com
Subject: [CISSP-D] Digest Number 628
There are 9 messages in this issue.
Topics in this digest:
1. REVIEW: "CISSP Exam Notes", K. Wan
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah"
<rslade@computercrime.org>
2. common criteria evalution criteria
From: Nishidhdha <nishidhdha@yahoo.com>
3. RE: Symmetric Key and authentication.
From: "Clement Dupuis" <cdupuis@cccure.org>
4. Re: System-high security mode vs Compartmented security mode
From: Fritz Ames <fritzames@earthlink.net>
5. Re: Symmetric Key and authentication.
From: "Doug Landoll" <dlandoll@veridyn.com>
6. Re: question on studying
From: "email2mno" <email2mno@yahoo.com>
7. Re: Symmetric Key and authentication.
From: "Doug Landoll" <dlandoll@veridyn.com>
8. RE: System-high security mode vs Compartmented security mode
From: "Connelly, Thomas J." <Thomas_J._Connelly@oa.eop.gov>
9. book review
From: "snoopytbi" <snoopytbi@yahoo.fr>
________________________________________________________________________
________________________________________________________________________
Message: 1
Date: Thu, 19 May 2005 16:14:18 -0800
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah"
<rslade@computercrime.org>
Subject: REVIEW: "CISSP Exam Notes", K. Wan
BKCISPEN.RVW 20050330
"CISSP Exam Notes", K. Wan, 2003, 988-97323-1-9, U$24.95
%A K. Wan kplab@pacific.net.hk
%C Hong Kong
%D 2003
%G 988-97323-1-9
%I KP Lab Limited
%O U$24.95 http://www.kp-lab.com/
%O http://www.powells.com/cgi-bin/biblio?inkey=91-9889732319-0
%O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 196 p. (PDF ebook)
%T "CISSP Exam Notes - All you need to pass the exam"
This appears to be a self-published ebook, available from the author,
in PDF format. Despite the fact that an ebook softcopy could readily
be edited, it has not been updated in the two years since it was
published: some of the CISSP requirements have changed since then, and
the book does not reflect that.
The ten domains of the CISSP CBK (Common Body of Knowledge) are
covered in ten chapters, with the material provided in point form.
The structure and flow of the material bears a striking resemblance to
the slides in the (ISC)^2 CISSP review seminar. However, given minor
discrepancies, I suspect that the book is not directly based on the
(ISC)^2 slides, but rather on another course that, itself, was based
on the (ISC)^2 CBK review seminar. (In response to the initial draft
of this review, the author responded that his ebook was based on the
other books that followed the course outline, rather than on the
course itself.) (Wan's company, KP Lab, seems to be restricted to
producing training guides for various certifications.)
As noted, the points in the book follow the structure of the course
slides. There is usually a sentence or phrase expanding or explaining
each point from the Common Body of Knowledge listing, so the material
is slightly longer than the subject outline that is available from the
(ISC)^2 site. The explanations are, however, briefer even than those
in the first edition of "The CISSP Prep Guide" by Krutz and Vines (cf.
BKCISPPG.RVW), which is, itself, one of the tersest guides on the
market. As with that work, and other similar texts, if you do not
already know the content, this tome will not help you very much.
Unlike most other CISSP study guides, there are no "sample" questions.
Overall, the points are reasonably well selected. (The section on
malware is very disappointing, and the section on legal concepts is
rather weak.) The material is more up-to-date than any other besides
the "Official (ISC)^2 Guide to the CISSP Exam" (cf. BKOIGTCE.RVW). In
terms of books dealing with an overall familiarization with the topics
to be covered on the CISSP exam, this one does have an advantage in
price, and in speed of access. (I requested a copy directly from the
author by email, and got it within two hours. If, for example, you
are in a boot camp course situation, you may need all the help you can
get, quickly.)
copyright Robert M. Slade, 2005 BKCISPEN.RVW 20050330
====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
You see things; and you say, 'Why?' But I dream things that never
were, and I say, 'Why not?' - George Bernard Shaw
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
________________________________________________________________________
________________________________________________________________________
Message: 2
Date: Tue, 10 May 2005 15:06:31 +0100 (BST)
From: Nishidhdha <nishidhdha@yahoo.com>
Subject: common criteria evalution criteria
Hi All,
I was going thru common criteria approved product on following URL
http://www.commoncriteriaportal.org/public/developer/index.php?menu=6&orderi
ndex=1&showcatagories=-2
here i found that only very products got EVAL Level 5 and none of the
product got Level 6 or 7
Is there any specific reason for the same? here cost is a factor or Level 6
and 7 is impossible to achieve
Pls guide me, if you have any idea
Thanks and Regards,
Nishi
Yahoo! India Matrimony: Find your partner online.
[This message contained attachments]
________________________________________________________________________
________________________________________________________________________
Message: 3
Date: Fri, 6 May 2005 22:21:37 -0500
From: "Clement Dupuis" <cdupuis@cccure.org>
Subject: RE: Symmetric Key and authentication.
I think the following describe MAC very well:
Data associated with an authenticated message that allows a receiver to
verify the integrity of the message. (Glossary of INFOSEC and INFOSEC
Related Terms - Idaho State University).
www.hipaabasics.com/glossary.htm
A Message Authentication Code is a one-way hash computed from a message and
some secret data. It is difficult to forge without knowing the secret data.
Its purpose is to detect if the message has been altered.
www.zvon.org/tmRFC/RFC2246/Output/chapter12.html
in a payment system, a code used to validate the source of integrity of the
message.
www.gbc.hu/english/bszotare3.htm
In cryptography, a message authentication code (MAC) is a short piece of
information used to authenticate a message. A MAC algorithm (sometimes
termed a keyed hash function) accepts as input a secret key as well as the
message, and produces a MAC (sometimes known as a tag). The MAC protects
both a message's integrity?by ensuring that a different MAC will be produced
if the message has changed?as well as its authenticity?because only someone
who knows the secret key could have
en.wikipedia.org/wiki/Message_authentication_code
Best regards
Clement
-----Original Message-----
From: CISSP-Discuss@yahoogroups.com [mailto:CISSP-Discuss@yahoogroups.com]
On Behalf Of Manish Bajaj
Sent: Monday, May 09, 2005 11:45 AM
To: Roshan Mani
Cc: Vijay Kumar; CISSP-Discuss@yahoogroups.com
Subject: Re: [CISSP-D] Symmetric Key and authentication.
You can achieve non-repudiation only thru Asymmetric encryption. It is
so because only PKI provides you with a private key that only you are
supposed to have. It is not shared with any other entity and nobody
can claim to have send a message on your behalf... which is the crux
of non repudiation.
If authenticaton is the only issue, then you have can work with either.
Yahoo! Groups Links
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.5 - Release Date: 5/4/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.5 - Release Date: 5/4/2005
________________________________________________________________________
________________________________________________________________________
Message: 4
Date: Tue, 17 May 2005 06:50:10 -0400
From: Fritz Ames <fritzames@earthlink.net>
Subject: Re: System-high security mode vs Compartmented security mode
Rand,
Try going through Doug's great response again until you can pass his
little "test" at the end. ALL of the terms are confusing until you
really buy into their distinctions. Think about the general uses of the
terms "threat," "vulnerability," and "risk," and how they're hard for
people without risk-management experience to distinguish *clearly*--but
the distinctions mean a lot to *you.* The same thing here...
You want "Classified" and "Top Secret" to be the extent of the puzzle,
but that is just a hierarchical component of the label--the security
level. Everyone with a SECRET clearance is not allowed to see ALL
SECRET information! Think of it this way: You have a personal
secret--about finance, for example. Let's call the "level" something
like "YOUR SECRET." Now assume that you then share that secret with two
people you trust to not spread that secret. Those people have
compartmented information at "YOUR SECRET" level. If you have another
secret (let's say this is about your love life) and you tell that to two
people--and one of those people is in the group of two people who know
your first secret, you have another compartment. If you were to print
paper labels to stick to the information in their heads you could label
the information "YOUR SECRET" *and* "finance," while the other is "YOUR
SECRET" *and* "Love." The labels tell how sensitive it is, and *also*
what group has access (the people with whom you share finance
information versus the group with which you share your Don Juan side).
If the people whom you have trusted with your information don't respect
the "compartments" they will share information with each other. If they
don't respect the "level" then they will share the information with
*anyone*.
In this case of personal information it is only one person who will get
information that you didn't want to get out--the one who wasn't in both
"compartments." Now think of national-level classified information! If
all classified information at the SECRET level was stored on one big
system with NO compartmentalization then one bad apple accessing a
system could make quite a mess!!!
Keep plugging away...
--Fritz
Rand wrote:
Still confuses the heck out of me.I think the terms themselves are to
blame. "System-high", "Compartmentalized" are just more terms to
comprehend, but in reality, using "Classified" or "Top Secret", etc.
will work just as well. Hence, saying someone has "system-high" status
can be put in this manner: this person has "full clearance" to all
systems... It's just semantics as far as I'm concerned. Let's hear some
more enlightening opinions from experienced CISSP's. I'm still a grunt...
Thanx,
Rand
On 5/15/05, Doug Landoll <dlandoll@veridyn.com
<mailto:dlandoll@veridyn.com>> wrote:
I believe some clarification is in order. To understand these
definitions you must clearly understand security labels and levels.
This is something most all CISSP books and classes gloss over. A
short tutorial follows:
1) a security LABEL is composed of both a level and a compartment
(sometimes called category or formal need to know).
a) the level is the hierarchical part of the label. i.e., Top
Secret > Secret > Confidential > Unclassified
b) the compartment is the non-hierarchical part of the label.
i.e., "Project Alpha", "Project Beta" these are simply members of
the compartment "set" and each person is either 'read onto the
program' or not. If you have been determined to have formal need to
know for "Project Alpha" information then you are read onto that
program.
c) The security label will then look like this Level:Compartment.
ie. Top Secret - Project Alpha, Secret, etc.
[That is a rather quick overview - if you still need help look up
the terms "dominance" and "non-comparable" labels.
2) When systems are deployed with sensitive information and those
systems are accessed by personnel with or without clearances, there
is a level of risk in these systems based on the difference between
the lowest cleared user and the most sensitive information. For
example, a system with SECRET cleared users and SECRET information
(no categories) is a low risk system, wereas a system with SECRET
information and UNCLASSIFIED users is a higher risk system.
3) The US Government has names for the different levels of risk in
systems based on the difference between the lowest cleared user and
the most sensitive information. These are defined as
a) System High (everybody is cleared for everything - not even
DAC-based NTK).
b) Dedicated (everybody is cleared for all labeled information,
but DAC controls are required - think personal records)
c) Compartmented Mode (everybody is cleared to the highest LEVEL
but may not have been read onto all categories - this means that MAC-
level enforcement is required. This is a big deal since many OSs do
not have MAC-based access control).
d) Multi-level System (not everybody has been cleared to the
highest LEVEL. This also means MAC control is required but there is
a higher risk. For example, there could be SECRET users and TOP
SECRET information.)
You have mastered this concept when you clearly understand the
following:
- difference between a label and a level and a compartment
- hierarchical vs. non-hierarchical
- domination, non-comparable labels
- NTK vs. Formal NTK
Good Luck,
Doug Landoll, CISSP, CISA
President, Veridyn Inc.
(512) 310-2228
--- In CISSP-Discuss@yahoogroups.com
<mailto:CISSP-Discuss@yahoogroups.com>, "Dave Sims" < davesims2@c...>
wrote:
I think your definitions are slightly skewed.
Compartmentalized security is based on need to know "Regardless"
of security level. An example might be My security rating is higher
than yours, but I am not allowed access to information stored in
your compartment because I don't work on that project, or need to
know about it.
Using need to know in system-high is somewhat confusing. System-
high mode is more a certification of the system, than the user.
This is another definition I Googled for you.
system high mode: [An] information system (IS) security mode of
operation wherein each user, with direct or indirect access to the
information system (IS), its peripherals, remote terminals, or
remote hosts, has all of the following: (a) valid security clearance
for all information within an IS; (b) formal access approval and
signed nondisclosure agreements for all the information stored
and/or processed (including all compartments, subcompartments and/or
special access programs); and (c) valid need-to-know for some of the
information contained within the IS. [INFOSEC-99]
Meaning to me that the system meets System-high parameters, and
you could still have compartmentalized security. I am not
absolutely certain on this and would welcome some more guidance from
someone else on the list.
Thanks
Dave
----------------------------------------------------------------------
--
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/>.
--
----------------------
Rand
~~~~~~~~~~~
Four wheels move the body. Two wheels move the soul.
------------------------------------------------------------------------
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/>.
__________ NOD32 1.992 (20050205) Information __________
This message was checked by NOD32 antivirus system.
http://www.nod32.com
________________________________________________________________________
________________________________________________________________________
Message: 5
Date: Sun, 15 May 2005 05:57:59 -0000
From: "Doug Landoll" <dlandoll@veridyn.com>
Subject: Re: Symmetric Key and authentication.
Symmetric Key Cryptography provides confidentiality, authentication,
and integrity. You can think of authentication in this case as
a "weak" form of authentication for the following reasons:
Basis: only the Alice AND Bob know the key to encrypt or decrypt the
message.
1) So if Bob is able to decrypt the message then the Bob knows it
came from Alice since he knows he did not send it.
2) Bob cannot prove to anyone else (say Clyde) that the message came
from Alice since any such message could have been produced by either
Alice or Bob. This later case is referred to as non-repudiation.
Asymmetric cryptography CAN provide encryption (confidentiality and
integrity), authentication, key exchange, and non-repudiation.
Basis: A message encrypted by Alice (in Alice's private key) can be
decrypted by anybody (from Alice's public) key, but only could have
been encrypted by Alice (since Alice's public key decrypts the
message).
a) The receiver of Alice's message (Bob) can show the still
encrypted message to anybody, who can then independently verify the
message came from Alice (by decrypting the message using Alice's
public key).
The Shon Harris book glosses over the difference
between "authentication" (in the symmetric crypto sense) and non-
repudiation. Also be careful about the information in a lot of these
books regarding the capabilities of the various assymetric
algorithms. A couple of key points are as follows:
D-H: key exchange only
El Gamal: Key Exchange, Encryption (C and I), and Non-repudiation
RSA: Key Exchange, Encryption (C and I), and Non-repudiation
Regards,
Doug Landoll, CISSP, CISA
President, Veridyn Inc
(512) 310-2228
--- In CISSP-Discuss@yahoogroups.com, Vijay Kumar <vijaychhipa@y...>
wrote:
Manish
Your comments are in-line with what is logical. However the Shon
Harris
book mentioned that authentication can not be had with Symmetric
only encryption.
________________________________________________________________________
________________________________________________________________________
Message: 6
Date: Wed, 11 May 2005 14:09:27 -0000
From: "email2mno" <email2mno@yahoo.com>
Subject: Re: question on studying
Hi
Your plan seems to be nice one and I will follow it. I am planning to
take the exam in August.
Thanks
________________________________________________________________________
________________________________________________________________________
Message: 7
Date: Fri, 20 May 2005 04:25:27 -0000
From: "Doug Landoll" <dlandoll@veridyn.com>
Subject: Re: Symmetric Key and authentication.
Be careful this is a bad approach to preparing for the CISSP exam.
The CISSP prep books out there are a great tool for CISSP candidates
and the books consolidate a lot of information. However, they are
not free of errors. Do not rely on an answer just because it is in a
book.
Symmetric encryption can provide authentication but only to the
other party in the transaction. i.e., if you and I share a key and i
receive a message encrypted in that key, then I KNOW it came from
you. However, I cannot take that message and show it to someone else
and convince them that the message came from you (since either you
OR I could have encrypted it.)
This second type of authentication is called non-repudiation and can
only be performed through asymetric encryption.
Note: Not all asymetric encryption can enforce non-repudiation. For
example, Diffie-Hellman algorithm was designed for key exchange only
and does not provide non-repudiation. (It was the El Gamal algorithm
that extended D-H to provide non-repudiation.
--- In CISSP-Discuss@yahoogroups.com, Vijay Kumar <vijaychhipa@y...>
wrote:
Manish
Your comments are in-line with what is logical. However the Shon
Harris
book mentioned that authentication can not be had with Symmetric
only encryption.
________________________________________________________________________
________________________________________________________________________
Message: 8
Date: Tue, 17 May 2005 08:34:51 -0400
From: "Connelly, Thomas J." <Thomas_J._Connelly@oa.eop.gov>
Subject: RE: System-high security mode vs Compartmented security mode
Rand,
I think part of the problem you are having is keeping all the
definitions straight. The terms "Classified" or "Top Secret won't work
just as well. System High and Compartmentalized are describing how the
systems operate, where as Classified or Top Secret apply toward the
level of protection that must be afforded information.
Consider the computer system where you probably work. It most likely
operates in System High mode of operation. All the information it
processes is unclassified (I'm assuming), You have a formal access
approval and signed nondisclosure agreements for all information, but
not the need to know for all information (i.e., you don't know how much
your boss is making, and can't see his information in the accounting
department).
For Compartmented, if Secret is the highest classification processed by
the system, everyone must have a secret clearance, a formal access
approval and signed nondisclosure agreements for all information, but
you will only have access to that information which you have a need to
know.
The main difference between the two is that in System High, there may be
information that you do not have a valid need to know, but you have the
ability to gain access to it (e.g., your not working on your coworkers
project, but you have access to his information). For compartmented,
you are only given access to that information that you have that need to
know (your not working on your coworkers project, and you don't have
access to his information).
I've put the definitions and links to my sources below.
I hope this helps.
Tom
From the CNSSI INFOSEC Glossary:
Classified information: Information that has been determined pursuant to
Executive Order 12958 or any predecessor Order, or by the Atomic Energy
Act of 1954, as amended, to require protection against unauthorized
disclosure and is marked to indicate its classified status.
http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf
From the Department of Defense 8510.1-M DoD Information Technology
Security Certification and Accreditation Process (DITSCAP) Manual:
Dedicated Mode. IS security mode of operation wherein each user, with
direct or indirect access to the system, its peripherals, remote
terminals, or remote hosts, has all of the following:
* Valid security clearance for all information within the system;
* Formal access approval and signed nondisclosure agreements for
all the information stored and/or processed (including all compartments
and/or special access programs); and
* Valid need-to-know for all information contained within the IS.
When in the dedicated security mode, a system is specifically and
exclusively dedicated to and controlled for the processing of one
particular type or classification of information, either for full-time
operation or for a specified period of time.
System High Mode. IS security mode of operation wherein each user, with
direct or indirect access to the IS, its peripherals, remote terminals,
or remote hosts, has all of the following:
* Valid security clearance for all information within an IS;
* Formal access approval and signed nondisclosure agreements for
all the information stored and/or processed (including all compartments
and/or special access programs); and
* Valid need-to-know for some of the information contained within
the IS.
Compartmented Mode. INFOSEC mode of operation wherein each user with
direct or indirect access to a system, its peripherals, remote
terminals, or remote hosts has all the following:
* Valid security clearance for the most restricted information
processed in the system;
* Formal access approval and signed nondisclosure agreements for
that information which a user is to have access; and
* Valid need-to-know for information which a user is to have
access.
Multilevel Mode. INFOSEC mode of operation wherein all the following
statements are satisfied concerning the users who have direct or
indirect access to the system, its peripherals, remote terminals, or
remote hosts:
* Some users do not have a valid security clearance for all the
information processed in the IS;
* All users have the proper security clearance and appropriate
formal access approval for that information to which they have access;
and
* All users have a valid need-to-know only for information for
which they have access.
http://www.dtic.mil/whs/directives/corres/pdf/85101m_0700/p85101m.pdf
_____
From: CISSP-Discuss@yahoogroups.com
[mailto:CISSP-Discuss@yahoogroups.com] On Behalf Of Rand
Sent: Monday, May 16, 2005 4:30 PM
To: Doug Landoll
Cc: CISSP-Discuss@yahoogroups.com
Subject: Re: [CISSP-D] System-high security mode vs Compartmented
security mode
Still confuses the heck out of me.I think the terms themselves are to
blame. "System-high", "Compartmentalized" are just more terms to
comprehend, but in reality, using "Classified" or "Top Secret", etc.
will work just as well. Hence, saying someone has "system-high" status
can be put in this manner: this person has "full clearance" to all
systems... It's just semantics as far as I'm concerned. Let's hear some
more enlightening opinions from experienced CISSP's. I'm still a
grunt...
Thanx,
Rand
On 5/15/05, Doug Landoll <dlandoll@veridyn.com> wrote:
I believe some clarification is in order. To understand these
definitions you must clearly understand security labels and levels.
This is something most all CISSP books and classes gloss over. A
short tutorial follows:
1) a security LABEL is composed of both a level and a compartment
(sometimes called category or formal need to know).
a) the level is the hierarchical part of the label. i.e., Top
Secret > Secret > Confidential > Unclassified
b) the compartment is the non-hierarchical part of the label.
i.e., "Project Alpha", "Project Beta" these are simply members of
the compartment "set" and each person is either 'read onto the
program' or not. If you have been determined to have formal need to
know for "Project Alpha" information then you are read onto that
program.
c) The security label will then look like this Level:Compartment.
ie. Top Secret - Project Alpha, Secret, etc.
[That is a rather quick overview - if you still need help look up
the terms "dominance" and "non-comparable" labels.
2) When systems are deployed with sensitive information and those
systems are accessed by personnel with or without clearances, there
is a level of risk in these systems based on the difference between
the lowest cleared user and the most sensitive information. For
example, a system with SECRET cleared users and SECRET information
(no categories) is a low risk system, wereas a system with SECRET
information and UNCLASSIFIED users is a higher risk system.
3) The US Government has names for the different levels of risk in
systems based on the difference between the lowest cleared user and
the most sensitive information. These are defined as
a) System High (everybody is cleared for everything - not even
DAC-based NTK).
b) Dedicated (everybody is cleared for all labeled information,
but DAC controls are required - think personal records)
c) Compartmented Mode (everybody is cleared to the highest LEVEL
but may not have been read onto all categories - this means that MAC-
level enforcement is required. This is a big deal since many OSs do
not have MAC-based access control).
d) Multi-level System (not everybody has been cleared to the
highest LEVEL. This also means MAC control is required but there is
a higher risk. For example, there could be SECRET users and TOP
SECRET information.)
You have mastered this concept when you clearly understand the
following:
- difference between a label and a level and a compartment
- hierarchical vs. non-hierarchical
- domination, non-comparable labels
- NTK vs. Formal NTK
Good Luck,
Doug Landoll, CISSP, CISA
President, Veridyn Inc.
(512) 310-2228
--- In CISSP-Discuss@yahoogroups.com, "Dave Sims" < davesims2@c...>
wrote:
I think your definitions are slightly skewed.
Compartmentalized security is based on need to know "Regardless"
of security level. An example might be My security rating is higher
than yours, but I am not allowed access to information stored in
your compartment because I don't work on that project, or need to
know about it.
Using need to know in system-high is somewhat confusing. System-
high mode is more a certification of the system, than the user.
This is another definition I Googled for you.
system high mode: [An] information system (IS) security mode of
operation wherein each user, with direct or indirect access to the
information system (IS), its peripherals, remote terminals, or
remote hosts, has all of the following: (a) valid security clearance
for all information within an IS; (b) formal access approval and
signed nondisclosure agreements for all the information stored
and/or processed (including all compartments, subcompartments and/or
special access programs); and (c) valid need-to-know for some of the
information contained within the IS. [INFOSEC-99]
Meaning to me that the system meets System-high parameters, and
you could still have compartmentalized security. I am not
absolutely certain on this and would welcome some more guidance from
someone else on the list.
Thanks
Dave
_____
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/> .
--
----------------------
Rand
~~~~~~~~~~~
Four wheels move the body. Two wheels move the soul.
_____
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
* To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<mailto:CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service <http://docs.yahoo.com/info/terms/> .
[This message contained attachments]
________________________________________________________________________
________________________________________________________________________
Message: 9
Date: Wed, 18 May 2005 08:16:34 -0000
From: "snoopytbi" <snoopytbi@yahoo.fr>
Subject: book review
hi,
what is the best book, to your opinion, to prepare CISSP exam?
For frenchmen : is there a french edition?
Thanks,
________________________________________________________________________
________________________________________________________________________
------------------------------------------------------------------------
Yahoo! Groups Links
------------------------------------------------------------------------
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
<*> To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
