tailieunhanh - Hack Attacks Revealed A Complete Reference with Custom Security Hacking Toolkit, Part 2
subordinate, as appropriate; "(4) security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of "(A) information security risks associated with their activities; and "(B) their responsibilities in complying with

TCB services. The mere repetition of test conditions defined for other TCB primitives may not be adequate for some services.

Conditions for protection of audit and authentication data. Because both audit and authentication mechanisms and data are protected by the TCB, the test conditions for the protection of these mechanisms and their data are similar to those that show that the TCB protection mechanisms are tamperproof and noncircumventable. For example, these conditions show that neither privileged TCB primitives nor audit and user authentication files are accessible to regular users.

Test Coverage

Although class C1 test coverage suggests that each test condition be implemented for each type of object, coverage of resource-specific test conditions also requires that each test condition be included for each type of service (whenever the test condition is relevant to a service). For example, the test conditions that show that direct access to a shared printer is denied to a user will be repeated for a shared tape drive with appropriate modification of test data (test environments setup, test parameters and outcomes).

Security Class B1 Test Condition Generation

The objectives of security testing shall be to uncover all design and implementation flaws that would permit a subject external to the TCB to read, change, or delete data normally denied under the mandatory or discretionary security policy enforced by the TCB, as well as to ensure that no subject (without authorization to do so) is able to cause the TCB to enter a state such that it is unable to respond to communications initiated by other users (TCSEC Part I, Section ).
The security-testing requirements of class B1 are more extensive than those of either class C1 or C2, both in test condition generation and in coverage analysis. The source of test conditions referring to users' access to data includes the mandatory and discretionary policies implemented by the TCB. These policies are defined by an informal policy .
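As an added illustration (not part of the original excerpt), the sketch below applies the read, change and delete conditions to each type of protected object, which is the coverage rule described above for audit and authentication data. The object names, file paths and the use of POSIX mode bits in place of a live access attempt by an unprivileged user are assumptions, and the sample files are constructed.

```python
import os
import stat
import tempfile

# Accesses a regular user must be denied on TCB-protected data.
CONDITIONS = ("read", "change", "delete")


def other_can(path, condition):
    """True if the POSIX 'other' class (neither owner nor group member) is
    granted `condition` on `path`. Static mode-bit check: ACLs are ignored."""
    if condition == "delete":
        # Unlinking needs write+search on the parent directory; a sticky
        # directory further restricts deletion to the file/directory owner.
        mode = os.stat(os.path.dirname(path)).st_mode
        need = stat.S_IWOTH | stat.S_IXOTH
        return (mode & need) == need and not (mode & stat.S_ISVTX)
    bit = stat.S_IROTH if condition == "read" else stat.S_IWOTH
    return bool(os.stat(path).st_mode & bit)


def run_matrix(objects):
    """Apply every condition to every object type: {(type, cond): verdict}."""
    return {(kind, cond): "FAIL" if other_can(path, cond) else "PASS"
            for kind, path in objects.items() for cond in CONDITIONS}


def build_sample(root):
    """Constructed stand-ins for an audit trail and an authentication file."""
    tcb = os.path.join(root, "tcb")
    os.mkdir(tcb)
    os.chmod(tcb, 0o755)
    objects = {"audit_trail": os.path.join(tcb, "audit.log"),
               "authentication_data": os.path.join(tcb, "auth.db")}
    # auth.db is deliberately left world-readable so one cell fails.
    for path, mode in zip(objects.values(), (0o600, 0o644)):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return objects


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for cell, verdict in sorted(run_matrix(build_sample(root)).items()):
            print(cell, verdict)
```

Adding another object or service type to the dictionary repeats all three conditions for it, which mirrors the printer and tape drive example in the text.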