Which division of the Orange Book deals with discretionary protection (need-to-know)?
A. B. C. D.
B.
C deals with discretionary protection. See matrix below:
TCSEC Matrix
The following are incorrect answers:
D is incorrect. D deals with minimal security.
B is incorrect. B deals with mandatory protection.
A is incorrect. A deals with verified protection.
Reference(s) used for this question: CBK, p. 329-330; and Shon Harris, CISSP All In One (AIO), 6th Edition, page 392-393
The Orange Book is a set of guidelines for security in computer systems, established by the United States Department of Defense (DoD). The Orange Book is also known as the Trusted Computer System Evaluation Criteria (TCSEC). It provides a way to evaluate the security of computer systems, with levels ranging from D (minimal protection) to A (maximum protection).
The Orange Book divides security requirements into several divisions, including A, B, C, D, and E. Each division describes a different level of security protection.
In particular, Division B deals with mandatory protection, while Division C deals with discretionary protection.
Mandatory protection means that the system enforces a set of rules that limit access to data and resources based on the user's security clearance. On the other hand, discretionary protection means that the system allows the owner of a resource to specify who can access that resource.
Therefore, the correct answer to the question is B, as Division C of the Orange Book deals with discretionary protection, which is also known as the "need-to-know" principle.