Orange Book Minimal Protection Division

A.

The criteria are divided into four divisions: D, C, B, and A ordered in a hierarchical manner with the highest division (A) being reserved for systems providing the most comprehensive security.

Each division represents a major improvement in the overall confidence one can place in the system for the protection of sensitive information.

Within divisions C and B there are a number of subdivisions known as classes.The classes are also ordered in a hierarchical manner with systems representative of division C and lower classes of division B being characterized by the set of computer security mechanisms that they possess.

Assurance of correct and complete design and implementation for these systems is gained mostly through testing of the security- relevant portions of the system.

The security-relevant portions of a system are referred to throughout this document as the Trusted Computing Base (TCB)

Systems representative of higher classes in division B and division A derive their security attributes more from their design and implementation structure.

Increased assurance that the required features are operative, correct, and tamperproof under all circumstances is gained through progressively more rigorous analysis during the design process.

TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: Division D - minimal security - Division C - discretionary protection Division B - mandatory protection Division A - verified protection Reference:page 358 AIO V.5 Shon Harris also Source: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197

Also: THE source for all TCSEC "level" questions: http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt.

The TCSEC (Trusted Computer System Evaluation Criteria), also known as the Orange Book, is a standard for evaluating the security of computer systems. It defines several security divisions, each representing a different level of security protection.

The minimal protection division is known as Division D. It is the lowest level of protection defined by the TCSEC and provides only minimal security measures.

Division D systems are designed to protect against casual or inadvertent attempts to breach security, but they are not intended to protect against deliberate attempts by knowledgeable attackers. These systems have limited security features and rely on basic access controls, such as passwords or simple encryption, to protect data and system resources.

In contrast, the higher divisions (C, B, and A) provide increasingly stronger security protections, such as mandatory access controls, multi-level security, and formal security models.

To summarize, the correct answer to the question is A. Division D is defined in the TCSEC as minimal protection.