Which of the following security mode of operation does NOT require all users to have the clearance for all information processed on the system?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The multilevel security mode permits two or more classification levels of information to be processed at the same time when all the users do not have the clearance of formal approval to access all the information being processed by the system.
In dedicated security mode, all users have the clearance or authorization and need-to-know to all data processed within the system.
In system-high security mode, all users have a security clearance or authorization to access the information but not necessarily a need-to-know for all the information processed on the system (only some of the data)
In compartmented security mode, all users have the clearance to access all the information processed by the system, but might not have the need-to-know and formal access approval.
Generally, Security modes refer to information systems security modes of operations used in mandatory access control (MAC) systems.
Often, these systems contain information at various levels of security classification.
The mode of operation is determined by: The type of users who will be directly or indirectly accessing the system.
The type of data, including classification levels, compartments, and categories, that are processed on the system.
The type of levels of users, their need to know, and formal access approvals that the users will have.
Dedicated security mode - In this mode of operation, all users must have: Signed NDA for ALL information on the system.
Proper clearance for ALL information on the system.
Formal access approval for ALL information on the system.
A valid need to know for ALL information on the system.
All users can access ALL data.
System high security mode - In this mode of operation, all users must have: Signed NDA for ALL information on the system.
Proper clearance for ALL information on the system.
Formal access approval for ALL information on the system.
A valid need to know for SOME information on the system.
All users can access SOME data, based on their need to know.
Compartmented security mode - In this mode of operation, all users must have: Signed NDA for ALL information on the system.
Proper clearance for ALL information on the system.
Formal access approval for SOME information they will access on the system.
A valid need to know for SOME information on the system.
All users can access SOME data, based on their need to know and formal access approval.
Multilevel security mode - In this mode of operation, all users must have: Signed NDA for ALL information on the system.
Proper clearance for SOME information on the system.
Formal access approval for SOME information on the system.
A valid need to know for SOME information on the system.
All users can access SOME data, based on their need to know, clearance and formal access approval.
REFERENCES: WALLHOFF, John, CBK#6 Security Architecture and Models (CISSP Study Guide), April 2002 (page 6)
and http://en.wikipedia.org/wiki/Security_Modes.
The security modes of operation are different approaches to managing security in information systems. Each mode has its own set of rules and policies to control access to information based on the user's clearance level.
A. Compartmented security mode (also known as compartmented mode or compartmentation) is a security mode where information is divided into compartments based on its level of sensitivity or classification. Access to each compartment is restricted to users who have been granted a specific clearance for that compartment. In this mode, all users must have clearance for all information processed on the system.
B. Multilevel security mode (MLS) is a security mode that allows users with different clearance levels to access the same system and information. In this mode, users are only granted access to information that matches their clearance level. For example, a user with a "Secret" clearance can access information classified as "Secret" or "Unclassified", but not "Top Secret".
C. System-high security mode is a security mode that limits access to a system to users with the same clearance level. This means that all users must have the same level of clearance to access any information on the system.
D. Dedicated security mode is a security mode where each system is dedicated to a specific level of sensitivity or classification. In this mode, users are only granted access to information that matches the sensitivity or classification of the system they are accessing. For example, a user with a "Secret" clearance can only access information on a "Secret" system, and not on an "Unclassified" or "Top Secret" system.
Therefore, based on the above explanations, the security mode that does NOT require all users to have the clearance for all information processed on the system is Multilevel security mode (B).