tailieunhanh - The CISSP Prep Guide Gold Edition part 4
b. There are frequent personnel changes in an organization.
c. Regulations are needed to determine clearance.
d. Security information must be used.

22. Clipping levels are used to:
a. Limit the number of letters in a password.
b. Set thresholds for voltage variations.
c. Reduce the amount of data to be evaluated

Security Architecture and Models 265

ance to operate, the system must be capable of detecting that a fault has occurred, and the system must then have the capability to correct the fault or operate around it.

In a failsafe system, program execution is terminated and the system is protected from being compromised when a hardware or software failure occurs and is detected.

In a system that is fail soft or resilient, selected non-critical processing is terminated when a hardware or software failure occurs and is detected. The computer or network then continues to function in a degraded mode.

The term failover refers to switching to a duplicate hot backup component in real time when a hardware or software failure occurs, which enables the system to continue processing.

A cold start occurs in a system when there is a TCB or media failure and the recovery procedures cannot return the system to a known, reliable, secure state. In this case, the TCB and portions of the software and data might be inconsistent and require external intervention. At that time, the maintenance mode of the system usually has to be employed.

Assurance

Assurance is simply defined as the degree of confidence in satisfaction of security needs. The following sections summarize guidelines and standards that have been developed to evaluate and accept the assurance aspects of a system.

Evaluation Criteria

In 1985, the Trusted Computer System Evaluation Criteria (TCSEC) was developed by the National Computer Security Center (NCSC) to provide guidelines for evaluating vendors' products for the specified security criteria.
TCSEC provides the following:

A basis for establishing security requirements in the acquisition specifications
A standard of the security services that should be provided by vendors for the different classes of security requirements
A means to measure the trustworthiness of an information system

The TCSEC document, called the Orange Book because of its color, is part of a series of guidelines with covers