13 Cards in this Set

Bell-La Padula Model

Explores the rules that would have to be in place if a subject is granted a certain level of clearance and a particular mode of access. (read down, write up)

Biba model

Lattice-based model with multiple levels like Bell-La Padula. Focuses on integrity. (read up, write down)

Clark-Wilson model

Uses 3-part relationship (subject/transaction/object). Subjects must use program/transaction to access objects.

Brewer and Nash model

This model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties. (Chinese model)

Graham-Denning model

Primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed.

Zachman Framework

A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them.

TOGAF

The Open Group Architecture Framework

An architecture content framework (ACF) to describe standard building blocks and components as well as numerous reference models.

SABSA

Sherwood Applied Business Security Architecture Framework

Holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a “chain of traceability” through the phases of strategy, concept, design, implementation, and metrics.

Harrison-Ruzzo-Ullman model

Composed of a set of generic rights and finite set of commands. Concerned with situations in which a subject should be restricted from gaining particular privileges.

COBIT

Control Objects for Information and Related Technology

Provides a set of generally accepted processes to assist in maximizing the benefits derived using information technology (IT) and developing appropriate IT governance.

NIST SP 800-14

“Generally Accepted Principles and Practices for Securing Information Technology Systems”

Provides a foundation upon which organizations can establish and review information technology security programs.

ISO/IEC 21827:2008

The Systems Security Engineering – Capability Maturity Model (SSE-CMM)

Describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering.

ITIL

IT Infrastructure Library

Defines the organizational structure and skill requirements of an IT organization as well as the set of operational procedures and practices that direct IT operations and infrastructure, including information security operations.