Page 1031 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1031

data, the system denies them access to the associated data. The MAC

               model is more secure than the DAC model, but it isn’t as flexible or
               scalable.

               Security classifications indicate a hierarchy of sensitivity. For example,
               if you consider the military security labels of Top Secret, Secret,
               Confidential, and Unclassified, the Top Secret label includes the most
               sensitive data and unclassified is the least sensitive. Because of this
               hierarchy, someone cleared for Top Secret data is cleared for Secret

               and less sensitive data. However, classifications don’t have to include
               lower levels. It is possible to use MAC labels so that a clearance for a
               higher-level label does not include clearance for a lower-level label.



                          A key point about the MAC model is that every object and


                  every subject has one or more labels. These labels are predefined,
                  and the system determines access based on assigned labels.



               Classifications within a MAC model use one of the following three
               types of environments:

               Hierarchical Environment A hierarchical environment relates
               various classification labels in an ordered structure from low security
               to medium security to high security, such as Confidential, Secret, and
               Top Secret, respectively. Each level or classification label in the

               structure is related. Clearance in one level grants the subject access to
               objects in that level as well as to all objects in lower levels but prohibits
               access to all objects in higher levels. For example, someone with a Top
               Secret clearance can access Top Secret data and Secret data.

               Compartmentalized Environment In a compartmentalized
               environment, there is no relationship between one security domain

               and another. Each domain represents a separate isolated
               compartment. To gain access to an object, the subject must have
               specific clearance for its security domain.

               Hybrid Environment A hybrid environment combines both
               hierarchical and compartmentalized concepts so that each hierarchical
               level may contain numerous subdivisions that are isolated from the
   1026   1027   1028   1029   1030   1031   1032   1033   1034   1035   1036