Domain 2 – Asset Security
- Describe the four stages of the information life cycle. What is the difference between backup and archival?
- What is data remanence? Describe the four different approaches to eliminating data remanence: overwriting, degaussing, encryption, and physical destruction.
- Describe the media management tasks required to safeguard information within the media life cycle.
- Describe what data leak prevention (DLP) is and compare the benefits and drawbacks of network DLP, endpoint DLP, and hybrid DLP.
Domain 3 – Security Engineering/Security Architecture Design
- Describe the difference between the Biba Integrity Model and the Clark-Wilson Integrity Model. Give an overview of the Bell-LaPadula Confidentiality Model.
- In your own words, describe the concept of ring protection. What is the difference between layering and data hiding?
- Describe the different components addressed within the Common Criteria used for evaluation of the security elements within a system. What is the difference between certification and accreditation of a system?
- Define cloud computing and describe the differences between Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Define parallel computing and describe bit-level parallelism, instruction-level parallelism, task-level parallelism, and data parallelism.
Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).
1. Not all information has the same importance and value to a company. How data is classified is an important factor used in determining the amounts of funding and resources that should be applied to protecting each type of data. Describe the data classification levels within commercial and military organizations and provide examples of the types of information that would be classified at each classification level.
2. It takes a team of individuals throughout the organization working together to safeguard the integrity and confidentiality of data resources. Describe the layers of responsibility within an organization when it comes to asset security and data protection. For each role, discuss their responsibility within the organization for asset security.
3. The architecture of a computer system is very important and comprises many topics. The system must ensure that memory is properly segregated and protected, ensure that only authorized subjects access objects, ensure that untrusted processes cannot perform activities that would put other processes at risk, control the flow of information, and define a domain of resources for each subject. It also must ensure that if the computer experiences any type of disruption, it will not result in an insecure state. Many of these issues are dealt with in the system’s security policy, and the security mode is built to support the requirements of this policy. Explain the concept of a trusted computing base and describe how it is used to enforce the system’s security policy. Provide examples of specific elements (hardware, software or firmware) in the architecture of the computer system that could be used to provide security within the TCB.