<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi Clement,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What is the best answer….<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
cisspstudy-bounces@cccure.org [mailto:cisspstudy-bounces@cccure.org] <b>On
Behalf Of </b>Clement Dupuis<br>
<b>Sent:</b> Saturday, September 05, 2009 12:06 AM<br>
<b>To:</b> The CISSP Study Mailing list<br>
<b>Subject:</b> Re: [Cisspstudy] Bell-Lapadula?<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>Bell Lapadula does address flow
control.<br>
<br>
It will not allow the information to flow in a way that would compromise
Confidentiality such as allowed a Secret document to be written into a
confidential container for example. BLP has to be combined with the flow
model and the state model to achieve something useful in real life<br>
<br>
Take care<br>
<br>
Clement<br>
<br clear=all>
Clément Dupuis, CD<br>
CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,
ACE<br>
----------------------------------------------------------------------------------------------<br>
In real life:<br>
Senior Security Specialist and Instructor<br>
Security University<br>
>> Call me to get the best CISSP training <<<br>
----------------------------------------------------------------------------------------------<br>
In Cyberspace:<br>
President/Security Evangelist/Chief Learning Officer (CLO)<br>
The CCCure Family of Portals<br>
----------------------------------------------------------------------------------------------<br>
Business: 407 479 3903<br>
Fax: 407 264 8396 <br>
<br>
Maintainer of :<br>
The CISSP and SSCP Open Study Guides Web Site<br>
<a href="http://www.cccure.org">http://www.cccure.org</a> <br>
<br>
The Professional Security Testers Warehouse<br>
<a href="http://www.professionalsecuritytesters.org">http://www.professionalsecuritytesters.org</a>
<br>
<br>
Knowledge sharing and giving back to the community<br>
<br>
<o:p></o:p></p>
<div>
<p class=MsoNormal>On Fri, Sep 4, 2009 at 14:27, <<a
href="mailto:An.Dang@do.treas.gov">An.Dang@do.treas.gov</a>> wrote:<o:p></o:p></p>
<p class=MsoNormal>A) is very tempting as well ... or you can argue out of it
because the word "control" ... involves with label.<br>
<br>
My review seminar instructor also gave the answer to a question for
"certification" as "a set of technical ... by technical
staff" while the CBK CD gave a different answer as well.<br>
<br>
<br>
----- Original Message -----<br>
From: <a href="mailto:cisspstudy-bounces@cccure.org">cisspstudy-bounces@cccure.org</a>
<<a href="mailto:cisspstudy-bounces@cccure.org">cisspstudy-bounces@cccure.org</a>><br>
To: <a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a> <<a
href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a>><br>
Sent: Fri Sep 04 12:00:01 2009<br>
Subject: cisspstudy Digest, Vol 15, Issue 7<br>
<br>
Send cisspstudy mailing list submissions to<br>
<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a
href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:cisspstudy-request@cccure.org">cisspstudy-request@cccure.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:cisspstudy-owner@cccure.org">cisspstudy-owner@cccure.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of cisspstudy digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Bell-LaPadula Question?<br>
(Dallas, Michael J Civ USAF USAFE 100 CS/SCQ)<br>
2. Re: Bell-LaPadula Question? (Clement Dupuis)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Fri, 4 Sep 2009 14:32:07 +0100<br>
From: "Dallas, Michael J Civ USAF USAFE 100 CS/SCQ"<br>
<<a href="mailto:mike.dallas@mildenhall.af.mil">mike.dallas@mildenhall.af.mil</a>><br>
To: "'<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a>'"
<<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a>><br>
Subject: [Cisspstudy] Bell-LaPadula Question?<br>
Message-ID:<br>
<<a
href="mailto:200909041321.n84DLgKl036775@mset-fwl-002.lakenheath.af.mil">200909041321.n84DLgKl036775@mset-fwl-002.lakenheath.af.mil</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
I received this question in a practice exam provided by a recent ISC2 CBK
review seminar. I was told the correct answer is C, however I don't agree
with it as need-to-know would be an important factor with this model.
What do you all think? My guess on this was D.<br>
24. What is one issue NOT addressed by the Bell-LaPadula model?<br>
(A) Information flow control<br>
(B) Security levels<br>
(C) Need to Know<br>
(D) Access modes<br>
<br>
Thanks,<br>
Mike<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a
href="http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090904/0af558f6/attachment-0001.html"
target="_blank">http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090904/0af558f6/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Fri, 4 Sep 2009 11:56:52 -0400<br>
From: Clement Dupuis <<a href="mailto:clement.dupuis@cccure.com">clement.dupuis@cccure.com</a>><br>
To: The CISSP Study Mailing list <<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a>><br>
Subject: Re: [Cisspstudy] Bell-LaPadula Question?<br>
Message-ID:<br>
<<a
href="mailto:959788640909040856y707aa912qad05febc04e63f50@mail.gmail.com">959788640909040856y707aa912qad05febc04e63f50@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="windows-1252"<br>
<br>
The need to know is address by the use of labels.<br>
<br>
Bell Lapadula was built to secure multilevel secure database. They were<br>
under Mandatory Access control.<br>
<br>
The labels contain a security clearance (sensitivity) and also categories.<br>
The categories enforces the need to know.<br>
<br>
So it is definitively wrong<br>
<br>
Take care<br>
<br>
Clement<br>
<br>
Cl?ment Dupuis, CD<br>
CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,<br>
ACE<br>
----------------------------------------------------------------------------------------------<br>
In real life:<br>
Senior Security Specialist and Instructor<br>
Security University<br>
>> Call me to get the best CISSP training <<<br>
----------------------------------------------------------------------------------------------<br>
In Cyberspace:<br>
President/Security Evangelist/Chief Learning Officer (CLO)<br>
The CCCure Family of Portals<br>
----------------------------------------------------------------------------------------------<br>
Business: 407 479 3903<br>
Fax: 407 264 8396<br>
<br>
Maintainer of :<br>
The CISSP and SSCP Open Study Guides Web Site<br>
<a href="http://www.cccure.org" target="_blank">http://www.cccure.org</a><br>
<br>
The Professional Security Testers Warehouse<br>
<a href="http://www.professionalsecuritytesters.org" target="_blank">http://www.professionalsecuritytesters.org</a><br>
<br>
Knowledge sharing and giving back to the community<br>
<br>
<br>
On Fri, Sep 4, 2009 at 09:32, Dallas, Michael J Civ USAF USAFE 100 CS/SCQ <<br>
<a href="mailto:mike.dallas@mildenhall.af.mil">mike.dallas@mildenhall.af.mil</a>>
wrote:<br>
<br>
> I received this question in a practice exam provided by a recent
ISC2 CBK<br>
> review seminar. I was told the correct answer is C, however I don?t
agree<br>
> with it as need-to-know would be an important factor with this model.
What<br>
> do you all think? My guess on this was D.<br>
><br>
> 24. What is one issue NOT addressed by the Bell-LaPadula model?<br>
><br>
> (A) Information flow
control<br>
><br>
> (B) Security levels<br>
><br>
> (C) Need to Know<br>
><br>
> (D) Access modes<br>
><br>
><br>
><br>
> Thanks,<br>
><br>
> Mike<br>
><br>
> _______________________________________________<br>
> cisspstudy mailing list<br>
> <a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>
> <a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org"
target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
><br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a
href="http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090904/99e6f2f7/attachment-0001.html"
target="_blank">http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090904/99e6f2f7/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
cisspstudy mailing list<br>
<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>
<a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org"
target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
<br>
<br>
End of cisspstudy Digest, Vol 15, Issue 7<br>
*****************************************<br>
_______________________________________________<br>
cisspstudy mailing list<br>
<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>
<a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org"
target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>