Page 561 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
In Figure 9.2, the process scheduler manages the processes awaiting
execution in the ready and waiting states and decides what happens to
running processes when they transition into another state (ready,
waiting, or stopped).
Security Modes
The US government has designated four approved
security modes for systems that process classified information. These
are described next. In Chapter 1, “Security Governance Through
Principles and Policies,” we reviewed the classification system used by
the federal government and the concepts of security clearances and
access approval. The only new term in this context is need to know,
which refers to an access authorization scheme in which a subject’s
right to access an object takes into consideration not just a privilege
level but also the relevance of the data involved in the role the subject
plays (or the job they perform). This indicates that the subject requires
access to the object to perform their job properly or to fill some
specific role. Those with no need to know may not access the object, no
matter what level of privilege they hold. If you need a refresher on
those concepts, please review them in Chapter 1 before proceeding.
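The need-to-know rule described above can be seen in a short access check. This is an added example, not code from the study guide. The level ordering, the project tags, and the names `Subject`, `Obj`, `check_access`, and `audit` are assumptions made for illustration, and all sample data is constructed.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    # Classification levels, lowest to highest (ordering assumed for this example)
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level
    need_to_know: frozenset = field(default_factory=frozenset)  # hypothetical project tags

@dataclass(frozen=True)
class Obj:
    name: str
    classification: Level
    project: str  # hypothetical tag naming the work the data belongs to

def check_access(subject, obj):
    """Return (allowed, reason). Both tests must pass; neither overrides the other."""
    if subject.clearance < obj.classification:
        return False, "clearance below classification"
    if obj.project not in subject.need_to_know:
        # A high privilege level alone never substitutes for need to know.
        return False, "no need to know"
    return True, "granted"

def audit(subjects, objects):
    """Evaluate every subject/object pair and keep the reason for each decision."""
    return {(s.name, o.name): check_access(s, o) for s in subjects for o in objects}

# Constructed sample data
ALICE = Subject("alice", Level.TOP_SECRET, frozenset({"payroll"}))
BOB = Subject("bob", Level.CONFIDENTIAL, frozenset({"payroll", "radar"}))
CAROL = Subject("carol", Level.SECRET, frozenset({"radar"}))
RADAR_SPEC = Obj("radar-spec", Level.SECRET, "radar")
PAYROLL = Obj("payroll-q3", Level.CONFIDENTIAL, "payroll")

if __name__ == "__main__":
    results = audit([ALICE, BOB, CAROL], [RADAR_SPEC, PAYROLL])
    for (s, o), (ok, why) in results.items():
        print(f"{s:6} -> {o:11} {'ALLOW' if ok else 'DENY '} ({why})")
```

Alice holds the highest clearance in the sample yet is denied the radar document, while Carol, with a lower clearance and the right project tag, is allowed.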
Three specific elements must exist before the security modes
themselves can be deployed:
- A hierarchical mandatory access control (MAC) environment
- Total physical control over which subjects can access the computer console
- Total physical control over which subjects can enter into the same room as the computer console
You will rarely, if ever, encounter the following modes
outside of the world of government agencies and contractors.
However, you may discover this terminology in other contexts, so
you’d be well advised to commit the terms to memory.
Dedicated Mode
Dedicated mode systems are essentially equivalent
to the single-state system described in the section “Processing Types”

