SSCP Practice Test Questions

1048 Questions


Topic 2: Security Operations and Administration

Which of the following would MOST likely ensure that a system development project meets business objectives?

A. Development and tests are run by different individuals
B. User involvement in system specification and acceptance
C. Development of a project plan identifying all development activities
D. Strict deadlines and budgets

Correct answer: B. User involvement in system specification and acceptance

Effective user involvement is the most critical factor in ensuring that the application meets business objectives.

A great way of getting early input from the user community is by using prototyping. The prototyping method was formally introduced in the early 1980s to combat the perceived weaknesses of the waterfall model with regard to the speed of development. The objective is to build a simplified version (prototype) of the application, release it for review, and use the feedback from the users' review to build a second, better version. This is repeated until the users are satisfied with the product. It is a four-step process:
(1) initial concept;
(2) design and implement initial prototype;
(3) refine prototype until acceptable; and
(4) complete and release final version.

There is also the Modified Prototype Model (MPM). This is a form of prototyping that is ideal for Web application development. It allows for the basic functionality of a desired system or component to be formally deployed in a quick time frame. The maintenance phase is set to begin after the deployment. The goal is to have the process be flexible enough so the application is not based on the state of the organization at any given time. As the organization grows and the environment changes, the application evolves with it, rather than being frozen in time.

Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 12101-12108 and 12099-12101). Auerbach Publications. Kindle Edition.
and
Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 296).

What is called the formal acceptance of the adequacy of a system's overall security by management?

A. Certification
B. Acceptance
C. Accreditation
D. Evaluation

Correct answer: C. Accreditation

Accreditation is the authorization by management to implement software or systems in a production environment. This authorization may be either provisional or full.

The following are incorrect answers:
Certification is incorrect. Certification is the process of evaluating the security stance of the software or system against a selected set of standards or policies. Certification is the technical evaluation of a product. This may precede accreditation but is not a required precursor.
Acceptance is incorrect. This term is sometimes used as the recognition that a piece of software or system has met a set of functional or service level criteria (the new payroll system has passed its acceptance test). Certification is the better term in this context.
Evaluation is incorrect. Evaluation is certainly a part of the certification process, but it is not the best answer to the question.

Reference(s) used for this question:
The Official Study Guide to the CBK from ISC2, pages 559-560
AIO3, pp. 314-317
AIOv4 Security Architecture and Design (pages 369-372)
AIOv5 Security Architecture and Design (pages 370-372)

Which of the following statements pertaining to software testing approaches is correct?

A. A bottom-up approach allows interface errors to be detected earlier.
B. A top-down approach allows errors in critical modules to be detected earlier.
C. The test plan and results should be retained as part of the system's permanent documentation.
D. Black box testing is predicated on a close examination of procedural detail.

Correct answer: C. The test plan and results should be retained as part of the system's permanent documentation.

A bottom-up approach to testing begins with testing of atomic units, such as programs or modules, and works upwards until complete system testing has taken place. It allows errors in critical modules to be found early. A top-down approach allows for early detection of interface errors and raises confidence in the system, as programmers and users actually see a working system. White box testing is predicated on a close examination of procedural detail. Black box testing examines some aspect of the system with little regard for the internal logical structure of the software.

Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300).

Top Down Testing: An approach to integration testing where the component at the top of the component hierarchy is tested first, with lower level components being simulated by stubs. Tested components are then used to test lower level components. The process is repeated until the lowest level components have been tested.
Bottom Up Testing: An approach to integration testing where the lowest level components are tested first, then used to facilitate the testing of higher level components. The process is repeated until the component at the top of the hierarchy is tested.
Black Box Testing: Testing based on an analysis of the specification of a piece of software without reference to its internal workings. The goal is to test how well the component conforms to the published requirements for the component.

What can be defined as "It confirms that users' needs have been met by the supplied solution"?

A. Accreditation
B. Certification
C. Assurance
D. Acceptance

Correct answer: D. Acceptance

Acceptance confirms that users' needs have been met by the supplied solution. Verification and Validation inform Acceptance by establishing the evidence, set against acceptance criteria, to determine if the solution meets the users' needs. Acceptance should also explicitly address any integration or interoperability requirements involving other equipment or systems. To enable acceptance, every user and system requirement must have a 'testable' characteristic.

Accreditation is the formal acceptance of security, adequacy, authorization for operation and acceptance of existing risk. Accreditation is the formal declaration by a Designated Approving Authority (DAA) that an IS is approved to operate in a particular security mode using a prescribed set of safeguards to an acceptable level of risk.

Certification is the formal testing of security safeguards, and assurance is the degree of confidence that the implemented security measures work as intended. Certification is a comprehensive evaluation of the technical and nontechnical security features of an IS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security requirements.

Assurance is the description of the measures taken during development and evaluation of the product to assure compliance with the claimed security functionality. For example, an evaluation may require that all source code is kept in a change management system, or that full functional testing is performed. The Common Criteria provides a catalogue of these, and the requirements may vary from one evaluation to the next. The requirements for particular targets or types of products are documented in the Security Targets (ST) and Protection Profiles (PP), respectively.

Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 4, August 1999.
and
Official ISC2 Guide to the CISSP CBK, Second Edition, on page 211.
and
http://www.aof.mod.uk/aofcontent/tactical/randa/content/randaintroduction.htm

Which property ensures that only the intended recipient can access the data and nobody else?

A. Confidentiality
B. Capability
C. Integrity
D. Availability

Correct answer: A. Confidentiality

Confidentiality is defined as the property that ensures that only the intended recipient can access the data and nobody else. It is usually achieved using cryptographic methods, tools, and protocols.

Confidentiality supports the principle of "least privilege" by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis. The level of access that an authorized individual should have is the level necessary for them to do their job. In recent years, much press has been dedicated to the privacy of information and the need to protect it from individuals who may be able to commit crimes by viewing the information. Identity theft is the act of assuming one's identity through knowledge of confidential information obtained from various sources.

The following are incorrect answers:
Capability is incorrect. Capability is relevant to access control. Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure.
Integrity is incorrect. Integrity protects information from unauthorized modification or loss.
Availability is incorrect. Availability assures that information and services are available for use by authorized entities according to the service level objective.

Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 9345-9349). Auerbach Publications. Kindle Edition.
http://en.wikipedia.org/wiki/Capability-based_security

One of these statements about the key elements of a good configuration process is NOT true:

A. Accommodate the reuse of proven standards and best practices
B. Ensure that all requirements remain clear, concise, and valid
C. Control modifications to system hardware in order to prevent resource changes
D. Ensure changes, standards, and requirements are communicated promptly and precisely

Correct answer: C. Control modifications to system hardware in order to prevent resource changes

Configuration management isn't about preventing change but about ensuring the integrity of IT resources by preventing unauthorised or improper changes.

According to the Official ISC2 guide to the CISSP exam, a good CM process is one that can:
(1) accommodate change;
(2) accommodate the reuse of proven standards and best practices;
(3) ensure that all requirements remain clear, concise, and valid;
(4) ensure changes, standards, and requirements are communicated promptly and precisely; and
(5) ensure that the results conform to each instance of the product.

Configuration management
Configuration management (CM) is the detailed recording and updating of information that describes an enterprise's computer systems and networks, including all hardware and software components. Such information typically includes the versions and updates that have been applied to installed software packages and the locations and network addresses of hardware devices. Special configuration management software is available. When a system needs a hardware or software upgrade, a computer technician can access the configuration management program and database to see what is currently installed. The technician can then make a more informed decision about the upgrade needed.
An advantage of a configuration management application is that the entire collection of systems can be reviewed to make sure any changes made to one system do not adversely affect any of the other systems.
Configuration management is also used in software development, where it is called Unified Configuration Management (UCM). Using UCM, developers can keep track of the source code, documentation, problems, changes requested, and changes made.

Change management
In a computer system environment, change management refers to a systematic approach to keeping track of the details of the system (for example, what operating system release is running on each computer and which fixes have been applied).

Who is responsible for initiating corrective measures and capabilities used when there are security violations?

A. Information systems auditor
B. Security administrator
C. Management
D. Data owners

Correct answer: C. Management

Management is responsible for protecting all assets that are directly or indirectly under their control. They must ensure that employees understand their obligations to protect the company's assets, and implement security in accordance with the company policy. Finally, management is responsible for initiating corrective actions when there are security violations.

Source: HARE, Chris, Security Management Practices, CISSP Open Study Guide, version 1.0, April 1999.

What is the appropriate role of the security analyst in the application system development or acquisition project?

A. policeman
B. control evaluator & consultant
C. data owner
D. application user

Correct answer: B. control evaluator & consultant

The correct answer is "control evaluator & consultant". During any system development or acquisition, the security staff should evaluate security controls and advise (or consult) on the strengths and weaknesses with those responsible for making the final decisions on the project.

The other answers are not correct because:
policeman - It is never a good idea for the security staff to be placed into this type of role (though it is sometimes unavoidable). During system development or acquisition, there should be no need for anyone to fill the role of policeman.
data owner - In this case, the data owner would be the person asking for the new system to manage, control, and secure information they are responsible for. While it is possible the security staff could also be the data owner for such a project if they happen to have responsibility for the information, it is also possible someone else would fill this role. Therefore, the best answer remains "control evaluator & consultant".
application user - Again, it is possible this could be the security staff, but it could also be many other people or groups. So this is not the best answer.

Reference:
Official ISC2 Guide page: 555-560
All in One Third Edition page: 832-846

Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?

A. Limiting the local access of operations personnel
B. Job rotation of operations personnel
C. Management monitoring of audit logs
D. Enforcing regular password changes

Correct answer: A. Limiting the local access of operations personnel

The question specifically says "within a different function", which eliminates Job Rotation as a choice.
Management monitoring of audit logs is a detective control and would not prevent collusion.
Changing passwords regularly would not prevent such an attack.

This question validates whether you understand the concepts of separation of duties and least privilege. By having operators that have only the minimum access level they need, and only what they need to do their duties within the company, the operations personnel would be forced to use collusion to defeat those security mechanisms.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Related to information security, the guarantee that the message sent is the message received, with the assurance that the message was not intentionally or unintentionally altered, is an example of which of the following?

A. integrity
B. confidentiality
C. availability
D. identity

Correct answer: A. integrity

Integrity is the guarantee that the message sent is the message received, and that the message was not intentionally or unintentionally altered.

Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 60.

What is it called when a computer uses more than one CPU in parallel to execute instructions?

A. Multiprocessing
B. Multitasking
C. Multithreading
D. Parallel running

Correct answer: A. Multiprocessing

A system with multiple processors is called a multiprocessing system.
Multitasking is incorrect. Multitasking involves sharing the processor among all ready processes. Though it appears to the user that multiple processes are executing at the same time, only one process is running at any point in time.
Multithreading is incorrect. The developer can structure a program as a collection of independent threads to achieve better concurrency. For example, one thread of a program might be performing a calculation while another is waiting for additional input from the user.
"Parallel running" is incorrect. This is not a real term and is just a distraction.

References:
CBK, pp. 315-316
AIO3, pp. 234-239

Which of the following is an advantage of prototyping?

A. Prototype systems can provide significant time and cost savings.
B. Change control is often less complicated with prototype systems.
C. It ensures that functions or extras are not added to the intended system.
D. Strong internal controls are easier to implement.

Correct answer: A. Prototype systems can provide significant time and cost savings.

Prototype systems can provide significant time and cost savings; however, they also have several disadvantages. They often have poor internal controls, change control becomes much more complicated, and prototyping often leads to functions or extras being added to the system that were not originally intended.

Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 306).

