How much about security models (Biba, etc.) on SSCP test?

gmr2048

I'm trying to get my head around Clark-Wilson/Biba/Bell-LaPadula/Chinese Wall, etc. How much time should I put into the specifics of each? Are there many questions on the test about them? (I realize each test is probably different, but generally speaking...)

If it matters, I test on Tuesday. I'm currently scoring 90+% on each of the three different practice tests I've taken. But none have really hit on these subjects much.


Thanks!

tedjames

For my test three years ago, I just memorized the model and what it applies to. For example:

Bell-LaPadula - confidentiality/privacy
Biba - integrity
Clark-Wilson - data integrity
Brewer and Nash - prevents conflicts of interest

Things may have changed since then. I don't remember if I was tested on that.

You may try taking some CISSP practice tests to try to cover it. It never hurts to learn more than what's required.

DZA_

I would have a firm understanding on the security model concepts and their rules themselves. I agree that it's abstract and not really practical in the "real world". Kelly Handerhan does a great job explaining the different security rules for each of the models. There were test questions on the goals of security model (see TedJames's post above) and what the rules meant. Beyond that, you're good to go. CCCure has has a pool of questions that relate to this topic if you have that as your study material.

laurieH

I would certainly try and at least get the fundamentals of the models clear in your head. Knowing the relevant read/write - up/down for Biba and Bell LaPadula are easy to write questions for and highlight the difference between protecting confidentiality vs integrity.