SSCP Exam Questions

Total 1048 Questions

Last Updated Exam: 18-Jun-2025

Topic 2: Security Operations and Administration

Who should DECIDE how a company should approach security and what security measures should be implemented?

A. Senior management
B. Data owner
C. Auditor
D. The information security specialist

Answer: A. Senior management

Senior management is responsible for the security of the organization and the protection of its assets.
The following answers are incorrect because:
Data owner is incorrect as data owners should not decide what security measures should be applied.
Auditor is also incorrect as an auditor cannot decide what security measures should be applied.
The information security specialist is also incorrect as they may have the technical knowledge of how security measures should be implemented and configured, but they should not be in a position of deciding what measures should be applied.
Reference: Shon Harris AIO v3, Chapter 3: Security Management Practices, Page 51.

Which of the following would be the best criterion to consider in determining the classification of an information asset?

A. Value
B. Age
C. Useful life
D. Personal association

Answer: A. Value

Information classification should be based on the value of the information to the organization and its sensitivity (a reflection of how much damage would accrue due to disclosure).
Age is incorrect. While age might be a consideration in some cases, the guiding principles should be value and sensitivity.
Useful life is incorrect. While useful lifetime is relevant to how long data protections should be applied, the classification is based on information value and sensitivity.
Personal association is incorrect. Information classification decisions should be based on the value of the information and its sensitivity.
References: CBK, pp. 101-102.

Preservation of confidentiality within information systems requires that the information is not disclosed to:

A. Authorized person
B. Unauthorized persons or processes
C. Unauthorized persons
D. Authorized persons and processes

Answer: B. Unauthorized persons or processes

Confidentiality assures that the information is not disclosed to unauthorized persons or processes.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 31.

When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as?

A. Dual Control
B. Need to know
C. Separation of duties
D. Segregation of duties

Answer: A. Dual Control

The question mentions clearly "operating together", which means the BEST answer is Dual Control.
Two mechanisms necessary to implement high-integrity environments where separation of duties is paramount are dual control and split knowledge.
Dual control enforces the concept of keeping a duo responsible for an activity. It requires more than one employee to be available to perform a task. It utilizes two or more separate entities (usually persons), operating together, to protect sensitive functions or information. Whenever the dual control feature is limited to something you know, it is often called split knowledge (such as part of a password, cryptographic keys, etc.). Split knowledge is the unique "what each must bring" that is joined together when implementing dual control.
To illustrate, let's say you have a box containing petty cash that is secured by one combination lock and one keyed lock. One employee is given the combination to the combo lock and another employee has possession of the correct key to the keyed lock. In order to get the cash out of the box, both employees must be present at the cash box at the same time. One cannot open the box without the other. This is the aspect of dual control.
On the other hand, split knowledge is exemplified here by the different objects (the combination to the combo lock and the correct physical key), both of which are unique and necessary, that each brings to the meeting.
This is typically used in high-value transactions / activities (as per the organization's risk appetite) such as:
Approving a high-value transaction using a special user account, where the password of this user account is split into two and managed by two different staff. Both staff should be present to enter the password for a high-value transaction. This is often combined with the separation of duties principle. In this case, the posting of the transaction would have been performed by another staff member. This leads to a situation where collusion of at least 3 people is required to make a fraudulent high-value transaction.
Payment card and PIN printing are separated by SOD principles. Now the organization can even enhance the control mechanism by implementing dual control / split knowledge. The card printing activity can be modified to require two staff to key in the passwords for initiating the printing process. Similarly, PIN printing authentication can also be implemented with dual control. Many Host Security Modules (HSM) come with built-in controls for dual control where physical keys are required to initiate the PIN printing process.
Managing encryption keys is another key area where dual control / split knowledge is to be implemented.
PCI DSS defines Dual Control as below. This is more from a cryptographic perspective, but still useful:
Dual Control: Process of using two or more separate entities (usually persons) operating in concert to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. No single person is permitted to access or use the materials (for example, the cryptographic key). For manual key generation, conveyance, loading, storage, and retrieval, dual control requires dividing knowledge of the key among the entities. (See also Split Knowledge.)
Split knowledge: Condition in which two or more entities separately have key components that individually convey no knowledge of the resultant cryptographic key.
It is key for information security professionals to understand the differences between Dual Control and Separation of Duties. Both complement each other, but they are not the same.
The following were incorrect answers:
Segregation of Duties addresses the splitting of various functions within a process among different users so that it does not create an opportunity for a single user to perform conflicting tasks. For example, the participation of two or more persons in a transaction creates a system of checks and balances and reduces the possibility of fraud considerably. So it is important for an organization to ensure that all tasks within a process have adequate separation.
Let us look at some use cases of segregation of duties:
A person handling cash should not post to the accounting records.
A loan officer should not disburse loan proceeds for loans they approved.
Those who have authority to sign cheques should not reconcile the bank accounts.
The credit card printing personnel should not print the credit card PINs.
Customer address changes must be verified by a second employee before the change can be activated.
In situations where the separation of duties is not possible because of lack of staff, senior management should set up additional measures to offset the lack of adequate controls.
To summarise, Segregation of Duties is about separating the conflicting duties to reduce fraud in an end-to-end function.
Need To Know (NTK):
The term "need to know", when used by government and other organizations (particularly those related to the military), describes the restriction of data which is considered very sensitive. Under need-to-know restrictions, even if one has all the necessary official approvals (such as a security clearance) to access certain information, one would not be given access to such information unless one has a specific need to know; that is, access to the information must be necessary for the conduct of one's official duties. As with most security mechanisms, the aim is to make it difficult for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage "browsing" of sensitive material by limiting access to the smallest possible number of people.
EXAM TIP: HOW TO DECIPHER THIS QUESTION
First, you probably noticed that both Separation of Duties and Segregation of Duties are synonymous with each other. This means they are not the BEST answers for sure. That was an easy first step.
For the exam remember:
Separation of Duties is synonymous with Segregation of Duties
Dual Control is synonymous with Split Knowledge
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 16048-16078). Auerbach Publications. Kindle Edition, and
http://www.ciso.in/dual-control-or-segregation-of-duties/

Which of the following is not a form of passive attack?

A. Scavenging
B. Data diddling
C. Shoulder surfing
D. Sniffing

Answer: B. Data diddling

Data diddling involves alteration of existing data and is extremely common. It is one of the easiest types of crimes to prevent by using access and accounting controls, supervision, auditing, separation of duties, and authorization limits. It is a form of active attack. All other choices are examples of passive attacks, only affecting confidentiality.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 10: Law, Investigation, and Ethics (page 645).

Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?

A. Pipelining
B. Reduced Instruction Set Computers (RISC)
C. Complex Instruction Set Computers (CISC)
D. Scalar processors

Answer: C. Complex Instruction Set Computers (CISC)

Complex Instruction Set Computer (CISC) uses instructions that perform many operations per instruction. It was based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle. Therefore, by packing more operations into an instruction, the number of fetches could be reduced. Pipelining involves overlapping the steps of different instructions to increase the performance in a computer. Reduced Instruction Set Computers (RISC) involve simpler instructions that require fewer clock cycles to execute. Scalar processors are processors that execute one instruction at a time.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 188).

What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?

A. The security kernel
B. The reference monitor
C. The security perimeter
D. The reference perimeter

Answer: C. The security perimeter

The security perimeter is the imaginary line that separates the trusted components of the kernel and the Trusted Computing Base (TCB) from those elements that are not trusted. The reference monitor is an abstract machine that mediates all accesses to objects by subjects. The security kernel can be software, firmware or hardware components in a trusted system and is the actual instantiation of the reference monitor. The reference perimeter is not defined and is a distracter.
Source: HARE, Chris, Security Architecture and Models, Area 6 CISSP Open Study Guide, January 2002.

What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?

A. A fail safe system
B. A fail soft system
C. A fault-tolerant system
D. A failover system

Answer: C. A fault-tolerant system

A fault-tolerant system is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it. In a fail-safe system, program execution is terminated, and the system is protected from being compromised when a hardware or software failure occurs and is detected. In a fail-soft system, when a hardware or software failure occurs and is detected, selected, non-critical processing is terminated. The term failover refers to switching to a duplicate "hot" backup component in real-time when a hardware or software failure occurs, enabling processing to continue.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 196).

Which of the following is considered the weakest link in a security system?

A. People
B. Software
C. Communications
D. Hardware

Answer: A. People

The Answer: People. The other choices can be strengthened and counted on (for the most part) to remain consistent if properly protected. People are fallible and unpredictable. Most security intrusions are caused by employees. People get tired, careless, and greedy. They are not always reliable and may falter in following defined guidelines and best practices. Security professionals must install adequate prevention and detection controls and properly train all system users. Proper hiring and firing practices can eliminate certain risks. Security awareness training is key to ensuring people are aware of risks and their responsibilities.
The following answers are incorrect:
Software. Although software exploits are a major threat and cause for concern, people are the weakest point in a security posture. Software can be removed, upgraded or patched to reduce risk.
Communications. Although many attacks from inside and outside an organization use communication methods such as the network infrastructure, this is not the weakest point in a security posture. Communications can be monitored, and devices installed or upgraded to reduce risk and react to attack attempts.
Hardware. Hardware components can be a weakness in a security posture, but they are not the weakest link of the choices provided. Access to hardware can be minimized by such measures as installing locks and monitoring access in and out of certain areas.
The following reference(s) were/was used to create this question:
Shon Harris AIO v.3 P.19, 107-109
ISC2 OIG 2007, p.51-55

IT security measures should:

A. Be complex
B. Be tailored to meet organizational security goals.
C. Make sure that every asset of the organization is well protected.
D. Not be developed in a layered fashion.

Answer: B. Be tailored to meet organizational security goals.

In general, IT security measures are tailored according to an organization's unique needs. While numerous factors, such as the overriding mission requirements and guidance, are to be considered, the fundamental issue is the protection of the mission or business from IT security-related negative impacts. Because IT security needs are not uniform, system designers and security practitioners should consider the level of trust when connecting to other external networks and internal sub-domains. Recognizing the uniqueness of each system allows a layered security strategy to be used: implementing lower assurance solutions with lower costs to protect less critical systems and higher assurance solutions only at the most critical areas.
The more complex the mechanism, the more likely it may possess exploitable flaws. Simple mechanisms tend to have fewer exploitable flaws and require less maintenance. Further, because configuration management issues are simplified, updating or replacing a simple mechanism becomes a less intensive process.
Security designs should consider a layered approach to address or protect against a specific threat or to reduce a vulnerability. For example, the use of a packet-filtering router in conjunction with an application gateway and an intrusion detection system combine to increase the work-factor an attacker must expend to successfully attack the system. Adding good password controls and adequate user training improves the system's security posture even more.
The need for layered protections is especially important when commercial-off-the-shelf (COTS) products are used. Practical experience has shown that the current state-of-the-art for security quality in COTS products does not provide a high degree of protection against sophisticated attacks. It is possible to help mitigate this situation by placing several controls in series, requiring additional work by attackers to accomplish their goals.
Source: STONEBURNER, Gary et al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (pages 9-10).

