Information Aggregation
Question
What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Aggregation is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity.
The incorrect answers are: Polyinstantiation is the development of a detailed version of an object from another object using different values in the new object.
Inference is the ability of users to infer or deduce information about data at sensitivity levels for which they do not have access privilege.
Data mining refers to searching through a data warehouse for data correlations.
Sources: KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 261)
KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Database Security Issues (page 358).
The act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity is known as "Inference."
Inference refers to the process of deducing sensitive information based on the analysis of publicly available data or lower classified data. This technique involves the use of logic and reasoning to derive sensitive or classified information from less-sensitive or unclassified information.
In other words, inference is the ability to draw conclusions based on the information that is available. This process can be performed through a variety of techniques such as data mining, statistical analysis, or other means of examining information.
For instance, if a user has access to a particular set of information at a lower classification level, but they are also able to deduce or infer information that is classified at a higher level, it can be considered an inference attack.
Inference attacks can be harmful as they can result in the unauthorized disclosure of sensitive information, which can have significant consequences, such as breaches of confidentiality, integrity, and availability.
Therefore, organizations must implement security controls and policies to prevent unauthorized inference attacks. These measures include access controls, data labeling, and data classification to ensure that sensitive information is not leaked through the inference process.
