PrepAway - Latest Free Exam Questions & Answers

If an internal database holds a number of printers in e…

If an internal database holds a number of printers in every department and this equals the total number of
printers for the whole organization recorded elsewhere in the database, it is an example of:

A. External consistency of the information system.

B. Differential consistency of the information system.

C. Internal consistency of the information system.

D. Referential consistency of the information system.

Explanation:
Internal consistency ensures that internal data is consistent: the subtotals match the total number of units in the database. Internal consistency, external consistency, and well-formed transactions are all terms related to the Clark-Wilson model. The Clark-Wilson model was developed after Biba and takes some different approaches to protecting the integrity of information. This model uses the following elements:

Users: Active agents
Transformation procedures (TPs): Programmed abstract operations, such as read, write, and modify
Constrained data items (CDIs): Can be manipulated only by TPs
Unconstrained data items (UDIs): Can be manipulated by users via primitive read and write operations
Integrity verification procedures (IVPs): Check the consistency of CDIs with external reality

Although this list may look overwhelming, it is really quite straightforward. When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (TPs) will carry out the operations on behalf of the user.

For example, when Kathy needs to update information held within her company's database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database. This is referred to as an access triple: subject (user), program (TP), and object (CDI). A user cannot modify a CDI without using a TP.

Well-Formed Transactions
A well-formed transaction is a series of operations that are carried out to transfer the data from one consistent state to the other. If Kathy transfers money from her checking account to her savings account, this transaction is made up of two operations: subtract money from one account and add it to a different account. By making sure the new values in her checking and savings accounts are accurate and their integrity is intact, the IVP maintains internal and external consistency.

The Clark-Wilson model also outlines how to incorporate separation of duties into the architecture of an application. If we follow our same example of banking software, if a customer needs to withdraw over $10,000, the application may require a supervisor to log in and authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures.
Incorrect Answers:
A: External consistency is where the data matches the real world. If you have an automated inventory system, the numbers in the data must be consistent with what your stock actually is.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 8146-8159). McGraw-Hill. Kindle Edition.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 8188-8195). McGraw-Hill. Kindle Edition.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition, Security Architecture and Design, Ch. 4, pp. 374-376. McGraw-Hill.
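The Clark-Wilson elements from the explanation above, applied to the printer inventory in the question, as an added Python sketch that is not part of the original page or the cited book. The class, method, and user names are hypothetical; the per-department counts and the recorded total are the CDIs, `tp_adjust` is the TP, and `ivp` is the internal-consistency check.

```python
class IntegrityError(Exception):
    """Raised when the CDIs are not, or would not stay, in a consistent state."""

class PrinterInventory:
    def __init__(self, per_department):
        self._dept = dict(per_department)        # CDI: per-department subtotals
        self._total = sum(self._dept.values())   # CDI: total recorded elsewhere
        self._triples = set()                    # allowed (user, TP, CDI) triples

    def grant(self, user, tp_name, department):
        """Register an access triple: subject, program (TP), object (CDI)."""
        self._triples.add((user, tp_name, department))

    def ivp(self):
        """IVP: subtotals must equal the recorded total, and none is negative."""
        counts = self._dept.values()
        return sum(counts) == self._total and all(n >= 0 for n in counts)

    def total(self):
        return self._total

    def tp_adjust(self, user, department, delta):
        """TP: well-formed transaction from one consistent state to another."""
        if (user, "tp_adjust", department) not in self._triples:
            raise PermissionError(f"{user} has no access triple for {department}")
        if not self.ivp():
            raise IntegrityError("CDIs inconsistent before the transaction")
        snapshot = (dict(self._dept), self._total)
        # Both operations belong to one transaction: subtotal and total together.
        self._dept[department] = self._dept.get(department, 0) + delta
        self._total += delta
        if not self.ivp():
            self._dept, self._total = snapshot   # roll back to the last good state
            raise IntegrityError("transaction would break internal consistency")
        return self._total

if __name__ == "__main__":
    inv = PrinterInventory({"IT": 4, "HR": 2})   # constructed sample data
    inv.grant("kathy", "tp_adjust", "IT")
    print("total after TP:", inv.tp_adjust("kathy", "IT", 3))
    inv._dept["HR"] += 1                         # write that bypasses the TP
    print("IVP passes after direct write:", inv.ivp())
```

The direct write at the end changes a subtotal without the matching total, which is the state the IVP exists to detect.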

