Topic 2. Security Operations Administration
Related to information security, confidentiality is the opposite of which of the following?
A. closure
B. disclosure
C. disposal
D. disaster
disclosure
Confidentiality is the opposite of disclosure.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 59.
Which of the following is not a method to protect objects and the data within the objects?
A. Layering
B. Data mining
C. Abstraction
D. Data hiding
Data mining
Data mining is used to reveal hidden relationships, patterns and trends by
running queries on large data stores.
Data mining is the act of collecting and analyzing large quantities of information to
determine patterns of use or behavior and use those patterns to form conclusions about
past, current, or future behavior. Data mining is typically used by large organizations with
large databases of customer or consumer behavior. Retail and credit companies will use
data mining to identify buying patterns or trends in geographies, age groups, products, or
services. Data mining is essentially the statistical analysis of general information in the
absence of specific data.
The following are incorrect answers:
They are incorrect as they all apply to Protecting Objects and the data within them.
Layering, abstraction and data hiding are related concepts that can work together to
produce modular software that implements an organization's security policies and is more
reliable in operation.
Layering is incorrect. Layering assigns specific functions to each layer and communication
between layers is only possible through well-defined interfaces. This helps preclude
tampering in violation of security policy. In computer programming, layering is the
organization of programming into separate functional components that interact in some
sequential and hierarchical way, with each layer usually having an interface only to the
layer above it and the layer below it.
Abstraction is incorrect. Abstraction "hides" the particulars of how an object functions or
stores information and requires the object to be manipulated through well-defined
interfaces that can be designed to enforce security policy. Abstraction involves the removal
of characteristics from an entity in order to easily represent its essential properties.
Data hiding is incorrect. Data hiding conceals the details of information storage and
manipulation within an object by only exposing well-defined interfaces to the information
rather than the information itself. For example, the details of how passwords are stored
could be hidden inside a password object with exposed interfaces such as
check_password, set_password, etc. When a password needs to be verified, the test
password is passed to the check_password method and a boolean (true/false) result is
returned to indicate if the password is correct without revealing any details of how/where
the real passwords are stored. Data hiding maintains activities at different security levels to
separate these levels from each other.
The following reference(s) were used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 27535-27540). Auerbach Publications. Kindle
Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 4269-4273). Auerbach Publications. Kindle
Edition.
When it comes to magnetic media sanitization, what difference can be made between
clearing and purging information?
A. Clearing completely erases the media whereas purging only removes file headers,
allowing the recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders
information unrecoverable against laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging
renders information unrecoverable to a keyboard attack.
Clearing renders information unrecoverable by a keyboard attack and purging renders
information unrecoverable against laboratory attack.
The removal of information from a storage medium is called sanitization.
Different kinds of sanitization provide different levels of protection. A distinction can be
made between clearing information (rendering it unrecoverable by a keyboard attack) and
purging (rendering it unrecoverable against laboratory attack).
There are three general methods of purging media: overwriting, degaussing, and
destruction.
There should be continuous assurance that sensitive information is protected and not
allowed to be placed in a circumstance wherein a possible compromise can occur. There are
two primary levels of threat that the protector of information must guard against:
keyboard attack (information scavenging through system software capabilities) and
laboratory attack (information scavenging through laboratory means). Procedures should
be implemented to address these threats before the Automated Information System (AIS)
is procured, and the procedures should be continued throughout the life cycle of the AIS.
Reference(s) used for this question:
SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and
Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and
Practices for Securing Information Technology Systems, September 1996 (page 26).
and
A guide to understanding Data Remanence in Automated Information Systems
Which of the following is often the greatest challenge of distributed computing solutions?
A. scalability
B. security
C. heterogeneity
D. usability
security
The correct answer to this question is "security". It is a major factor in deciding if a
centralized or decentralized environment is more appropriate.
Example: In a centralized computing environment, you have a central server and
workstations (often "dumb terminals") access applications, data, and everything else from
that central server. Therefore, the vast majority of your security resides on a centrally
managed server. In a decentralized (or distributed) environment, you have a collection of
PCs, each with their own operating systems to maintain, their own software to maintain, and
local data storage requiring protection and backup. You may also have PDAs and "smart
phones", data watches, USB devices of all types able to store data... the list gets longer all
the time.
It is entirely possible to reach a reasonable and acceptable level of security in a distributed
environment. But doing so is significantly more difficult, requiring more effort, more money,
and more time.
The other answers are not correct because:
scalability - A distributed computing environment is almost infinitely scalable. Much more so
than a centralized environment. This is therefore a bad answer.
heterogeneity - Having products and systems from multiple vendors in a distributed
environment is significantly easier than in a centralized environment. This would not be a
"challenge of distributed computing solutions" and so is not a good answer.
usability - This is potentially a challenge in either environment, but whether or not this is a
problem has very little to do with whether it is a centralized or distributed environment.
Therefore, this would not be a good answer.
Reference:
Official ISC2 Guide page: 313-314
All in One Third Edition page: (unavailable at this time)
Which of the following best describes the purpose of debugging programs?
A. To generate random data that can be used to test programs before implementing them.
B. To ensure that program coding flaws are detected and corrected.
C. To protect, during the programming phase, valid changes from being overwritten by
other changes.
D. To compare source code versions before transferring to the test environment.
To ensure that program coding flaws are detected and corrected.
Debugging provides the basis for the programmer to correct the logic errors
in a program under development before it goes into production.
Source: Information Systems Audit and Control Association, Certified Information Systems
Auditor 2002 review manual, chapter 6: Business Application System Development,
Acquisition, Implementation and Maintenance (page 298).
Which of the following is the act of performing tests and evaluations to test a system's
security level to see if it complies with the design specifications and security requirements?
A. Validation
B. Verification
C. Assessment
D. Accuracy
Verification
Verification vs. Validation:
Verification determines if the product accurately represents and meets the specifications. A
product can be developed that does not match the original specifications. This step
ensures that the specifications are properly met.
Validation determines if the product provides the necessary solution for the intended
real-world problem. In large projects, it is easy to lose sight of the overall goal. This exercise
ensures that the main goal of the project is met.
From DITSCAP:
6.3.2. Phase 2, Verification. The Verification phase shall include activities to verify
compliance of the system with previously agreed security requirements. For each life-cycle
development activity, DoD Directive 5000.1 (reference (i)), there is a corresponding set of
security activities, enclosure 3, that shall verify compliance with the security requirements
and evaluate vulnerabilities.
6.3.3. Phase 3, Validation. The Validation phase shall include activities to evaluate the fully
integrated system to validate system operation in a specified computing environment with
an acceptable level of residual risk. Validation shall culminate in an approval to operate.
You must also be familiar with Verification and Validation for the purpose of the exam. A
simple definition for Verification would be whether or not the developers followed the
design specifications along with the security requirements. A simple definition for Validation
would be whether or not the final product meets the end user needs and can be used for a
specific purpose.
Wikipedia has an informal description that is currently written as: Validation can be
expressed by the query "Are you building the right thing?" and Verification by "Are you
building it right?"
NOTE:
DITSCAP was replaced by DIACAP some time ago (2007). While DITSCAP had defined
both a verification and a validation phase, the DIACAP only has a validation phase. It may
not make a difference in the answer for the exam; however, DIACAP is the cornerstone
policy of DOD C&A and IA efforts today. Be familiar with both terms just in case all of a
sudden the exam becomes updated with the new term.
Reference(s) used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1106). McGraw-
Hill. Kindle Edition.
http://iase.disa.mil/ditscap/DITSCAP.html
https://en.wikipedia.org/wiki/Verification_and_validation
Within the context of the CBK, which of the following provides a MINIMUM level of security
ACCEPTABLE for an environment ?
A. A baseline
B. A standard
C. A procedure
D. A guideline
A baseline
Baselines provide the minimum level of security necessary throughout the organization.
Standards specify how hardware and software products should be used throughout the
organization.
Procedures are detailed step-by-step instruction on how to achieve certain tasks.
Guidelines are recommended actions and operational guides for personnel when a
specific standard does not apply.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, chapter 3: Security Management Practices (page 94).
Which of the following security modes of operation involves the highest risk?
A. Compartmented Security Mode
B. Multilevel Security Mode
C. System-High Security Mode
D. Dedicated Security Mode
Multilevel Security Mode
In multilevel mode, two or more classification levels of data exist, and some
people are not cleared for all the data on the system.
Risk is higher because sensitive data could be made available to someone not validated as
being capable of maintaining secrecy of that data (i.e., not cleared for it).
In other security modes, all users have the necessary clearance for all data on the system.
Source: LaROSA, Jeanette (domain leader), Application and System Development Security
CISSP Open Study Guide, version 3.0, January 2002.
Step-by-step instructions used to satisfy control requirements is called a:
A. policy
B. standard
C. guideline
D. procedure
procedure
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation
What can best be described as a domain of trust that shares a single security policy and
single management?
A. The reference monitor
B. A security domain
C. The security kernel
D. The security perimeter
A security domain
A security domain is a domain of trust that shares a single security policy and
single management.
The term security domain just builds upon the definition of domain by adding the fact that
resources within this logical structure (domain) are working under the same security policy
and managed by the same group.
So, a network administrator may put all of the accounting personnel, computers, and
network resources in Domain 1 and all of the management personnel, computers, and
network resources in Domain 2. These items fall into these individual containers because
they not only carry out similar types of business functions, but also, and more importantly,
have the same type of trust level. It is this common trust level that allows entities to be
managed by one single security policy.
The different domains are separated by logical boundaries, such as firewalls with ACLs,
directory services making access decisions, and objects that have their own ACLs
indicating which individuals and groups can carry out operations on them.
All of these security mechanisms are examples of components that enforce the security
policy for each domain. Domains can be architected in a hierarchical manner that dictates
the relationship between the different domains and the ways in which subjects within the
different domains can communicate. Subjects can access resources in domains of equal or
lower trust levels.
The following are incorrect answers:
The reference monitor is an abstract machine which must mediate all access by subjects to
objects, be protected from modification, be verifiable as correct, and is always invoked.
Concept that defines a set of design requirements of a reference validation mechanism
(security kernel), which enforces an access control policy over subjects’ (processes, users)
ability to perform operations (read, write, execute) on objects (files, resources) on a
system. The reference monitor components must be small enough to test properly and be
tamperproof.
The security kernel is the hardware, firmware and software elements of a trusted
computing base that implement the reference monitor concept.
The security perimeter includes the security kernel as well as other security-related system
functions that are within the boundary of the trusted computing base. System elements that
are outside of the security perimeter need not be trusted. Not every process and resource
falls within the TCB, so some of these components fall outside of an imaginary boundary
referred to as the security perimeter. A security perimeter is a boundary that divides the
trusted from the untrusted. For the system to stay in a secure and trusted state, precise
communication standards must be developed to ensure that when a component within the
TCB needs to communicate with a component outside the TCB, the communication cannot
expose the system to unexpected security compromises. This type of communication is
handled and controlled through interfaces.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations
28548-28550). McGraw-Hill. Kindle Edition.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations
7873-7877). McGraw-Hill. Kindle Edition.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition , Access Control, Page 214-217
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition :
Security Architecture and Design (Kindle Locations 1280-1283). . Kindle Edition.
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
AIO 6th edition chapter 3 access control page 214-217 defines Security domains.
Reference monitor, Security Kernel, and Security Perimeter are defined in Chapter 4,
Security Architecture and Design.
Which of the following addresses a portion of the primary memory by specifying the actual
address of the memory location?
A. Direct addressing
B. Indirect addressing
C. Implied addressing
D. Indexed addressing
direct addressing
Absolute/Direct

+------+-----+---------------------+
| load | reg |       address       |
+------+-----+---------------------+

(Effective address = address as given in instruction)
This requires space in an instruction for quite a large address. It is often available on CISC
machines which have variable-length instructions, such as x86.
Some RISC machines have a special Load Upper Literal instruction which places a 16-bit
constant in the top half of a register. An OR literal instruction can be used to insert a 16-bit
constant in the lower half of that register, so that a full 32-bit address can then be used via
the register-indirect addressing mode, which itself is provided as "base-plus-offset" with an
offset of 0.
http://en.wikipedia.org/wiki/Addressing_mode (Very good coverage of the subject)
also see:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, page 186.
also see:
http://www.comsci.us/ic/notes/am.html
Which of the following should NOT be performed by an operator?
A. Implementing the initial program load
B. Monitoring execution of the system
C. Data entry
D. Controlling job flow
Data entry
Under the principle of separation of duties, an operator should not be
performing data entry. This should be left to data entry personnel.
System operators represent a class of users typically found in data center environments
where mainframe systems are used. They provide day-to-day operations of the mainframe
environment, ensuring that scheduled jobs are running effectively and troubleshooting
problems that may arise. They also act as the arms and legs of the mainframe
environment, loading and unloading tapes and the results of job print runs. Operators have
elevated privileges, but less than those of system administrators. If misused, these
privileges may be used to circumvent the system’s security policy. As such, use of these
privileges should be monitored through audit logs.
Some of the privileges and responsibilities assigned to operators include:
Implementing the initial program load: This is used to start the operating system. The boot
process or initial program load of a system is a critical time for ensuring system security.
Interruptions to this process may reduce the integrity of the system or cause the system to
crash, precluding its availability.
Monitoring execution of the system: Operators respond to various events, to include errors,
interruptions, and job completion messages.
Volume mounting: This allows the desired application access to the system and its data.
Controlling job flow: Operators can initiate, pause, or terminate programs. This may allow
an operator to affect the scheduling of jobs. Controlling job flow involves the manipulation
of configuration information needed by the system. Operators with the ability to control a
job or application can cause output to be altered or diverted, which can threaten the
confidentiality.
Bypass label processing: This allows the operator to bypass security label information to
run foreign tapes (foreign tapes are those from a different data center that would not be
using the same label format that the system could run). This privilege should be strictly
controlled to prevent unauthorized access.
Renaming and relabeling resources: This is sometimes necessary in the mainframe
environment to allow programs to properly execute. Use of this privilege should be
monitored, as it can allow the unauthorized viewing of sensitive information.
Reassignment of ports and lines: Operators are allowed to reassign ports or lines. If
misused, reassignment can cause program errors, such as sending sensitive output to an
unsecured location. Furthermore, an incidental port may be opened, subjecting the system
to an attack through the creation of a new entry point into the system.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 19367-19395). Auerbach Publications. Kindle
Edition.
Which of the following should be performed by an operator?
A. Changing profiles
B. Approving changes
C. Adding and removal of users
D. Installing system software
Answer: D
Of the listed tasks, installing system software is the only task that should normally be performed by an operator in a properly segregated environment.
Source: MOSHER, Richard & ROTHKE, Ben, CISSP CBK Review presentation on domain
7.