Everything that should be captured in a security policy (tool that shows how info is secured and protected) is listed below straight from the CISSP exam guide. I felt the need to include this list here as a visual for potential study notes in case I want to someday take the exam, as I feel they are important enough to reiterate.
1. Access control based OS is discretionary
2. Role based access control is provided
3. Data can be classified public and confidential or private
4. No unauthorized access allowed
5. Separation of duties is enforced
6. Auditing is capable of being performed
7. Trusted paths are there for activity processing
8. Identification, authentication, and authorization are used properly
9. Capability based authentication methodology is used
10. No covert channels allowed
11. Integrity is maintained on files that are considered critical
Multi-Level Security policy - Subject security >= object classification