PrepAway - Latest Free Exam Questions & Answers

Data inference violations can be reduced using

Data inference violations can be reduced using

PrepAway - Latest Free Exam Questions & Answers

A.
Polyinstantiation technique.

B.
Rules based meditation.

C.
Multi-level data classification.

D.
Correct-state transformation.

Explanation:
“Polyinstantiation is the development of a detailed version of an object from another
object using different values in the new object. In the database information security, this term is
concerned with the same primary key for different relations at different classification levels being
stored in the same database. For example, in a relational database, the same of a military unit
may be classified Secret in the database and may have an identification number as the primary
key. If another user at a lower classification level attempts to create a confidential entry for another
military unit using the same identification number as a primary key, a rejection of this attempt
would imply to the lower level user that the same identification number existed at a higher level of
classification. To avoid this inference channel of information, the lower level user would be issued
the same identification number for their unit and the database management system would manage
this situation where the same primary key was used for different units.” Pg 352-353 Krutz: The
CISSP Prep Guide: Gold Edition.
“As with aggregation, the best defense against inference attacks is to maintain constant vigilance
over the permissions granted to individual users. Furthermore, intentional blurring of data may be
used to prevent the inference of sensitive information.” – Ed Tittle CISSP Study Guide (sybex)
The other security issue is inference, which is very similar to aggregation. The inference problem
happens when a subject deduces information that is restricted from data he has access to. This is
seen when data at a lower security level indirectly portrays data at a higher level…This problem is
usually dealt with in the development of the database by implementing content and contextdependent classification rules; this tracks the subject’s query requests and restricts patterns that
represent inference.
“Polyinstantiation is a process of interactively producing more detailed versions of objects by
populating variables with values or other variables”- Shon Harris All-in-one CISSP Certification
Guide pg 725-727


Leave a Reply