Resource encapsulation

Method by which the reference monitor mediates accesses to an information system resource. Resource is protected and not directly accessible by a subject. Satisfies requirement for accurate auditing of resource usage.

Similar items:
(1) An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. (2) A system component that mediates usage of all objects by all subjects, enforcing the intended access controls. A portion of the security kernel that validates user requests against the system’s access control mechanisms. Concept of an abstract machine that enforces Target of Evaluation (TOE) access control policies.
Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct. The central part of a computer system (hardware, software, or firmware) that implements the fundamental security procedures for controlling access to system resources. The core set of operating system services that handles all user/application requests for access to system resources.
1. Initiation and planning: At this stage, the administration initiates and plans the implementation of the program. A C&A implementation expert lays out the documentation (including the business case and requirement documents) and presents it to the administration in the form of a comprehensive C&A package. 2. Certification: At this stage, an external auditing team analyzes the C&A package and the information security systems of the organization. The audits will include running vulnerability scans, conducting interviews, and checking if everything complies with the accepted standards and norms. 3. Accreditation: In the accreditation stage, the certifying authority will review the compiled C&A package and will also go through the recommendations put forward by the auditing team. Before granting the accreditation, the authority will make its examination and see if there is a possibility of accepting non-remedied risks in the system. 4. Periodic monitoring: The system, the personnel, and the whole organization in general will be monitored periodically by a team whose sole responsibility is to ensure that the program stays operational as it should. Any risks, vulnerabilities, or threats that might arise during the monitoring stage will also have to be dealt with by the security enforcers of the organization.
A form of testing that attempts to verify that a system satisfies the stated criteria for functionality and possibly also for security capabilities of a product. It is used to determine whether end users or customers will accept the completed product. The formal testing conducted to determine whether a software system satisfies its acceptance criteria, enabling the customer to determine whether to accept the system.
A collection of procedures and data objects that is protected in a domain of its own so that the internal structure of a data object is accessible only to the procedures of the encapsulated subsystem and that those procedures may be called only at designated domain entry points. Encapsulated subsystem, protected subsystem and protected mechanisms of the TCB are terms that may be used interchangeably.
