What is the act of obtaining information of a higher sensitivity by combining information from lower levels of
sensitivity?

A.
Polyinstantiation

B.
Inference

C.
Aggregation

D.
Data mining

Explanation:
Aggregation is the act of combining information from separate sources. The combination of the data forms new
information, which the subject does not have the necessary rights to access. The combined information has a
sensitivity that is greater than that of the individual parts.
Incorrect Answers:
A: Polyinstantiation enables a table, which is also known as a relation, to contain multiple tuples with the same
primary keys, with each instance distinguished by a security level. At a lower security level the tuple will not
contain sensitive data and it will effectively be hidden from users who do not have the appropriate access
permissions.
B: Inference is the intended result of aggregation. The inference problem happens when a subject deduces the
full story from the pieces he learned of through aggregation. This is seen when data at a lower security level
indirectly portrays data at a higher level.
D: Data mining is about finding new information in a lot of data. Sensitivity or security is not related to data
mining.

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
p. 1183
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1186, 1188