The Ten Commandments Of Computer Ethics

The following are the 10 commandments from the Computer Ethics Institute:

  1. Thou shalt not use a computer in ways that may harm people.
  2. Thou shalt not interfere with other people’s computer work.
  3. Thou shalt not snoop around in other people’s computer files.
  4. Thou shalt not use a computer to steal.
  5. Thou shalt not use a computer to bear false witness.
  6. Thou shalt not copy or use proprietary software for which you have not paid.
  7. Thou shalt not use other people’s computer resources without authorization or proper compensation.
  8. Thou shalt not appropriate other people’s intellectual output.
  9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
  10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.


19. Exam Essentials for Physical Security

Without control over the physical environment, you can’t have adequate security no matter how much administrative or technical/logical control you throw at it. If a malicious person can gain physical access to your facility or equipment, they can do whatever they want: destroy, disclose, or alter.

Examples of administrative physical security controls are facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures.

Technical physical controls can be access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression.

Physical controls for physical security are fencing, lighting, locks, construction materials, mantraps, dogs, and guards.

The order of controls is: deterrence, then denial, then detection, then delay.

The key elements in making a site selection are visibility, composition of the surrounding area, area accessibility, and the effects of natural disasters. A key element in designing a facility for construction is understanding the level of security needed by your organization and planning for it before construction begins.

There should not be equal access to all locations within a facility. Areas that contain assets of higher value or importance should have restricted access. Valuable and confidential assets should be located in the heart or center of the protection provided by a facility. Also, centralized server or computer rooms need not be human compatible.

If a facility employs restricted areas to control physical security, then a mechanism to handle visitors is required. Often an escort is assigned to visitors, and their access and activities are monitored closely. Failing to track the actions of outsiders when they are granted access into a protected area can result in malicious activity against the most protected assets.

The security controls used to manage physical security are administrative, technical, and physical.

Common threats to physical access controls are abuse, masquerading, and piggybacking. To counter them, deploy a guard or other monitoring system.
Abuses of physical access controls include propping open secured doors and bypassing locks or access controls. Masquerading is using someone else’s security ID to gain entry into a facility. Piggybacking is following someone through a secured gate or doorway without being identified or authorized personally.

Audit trails and access logs are useful tools even for physical access control. They may need to be created manually by security guards, or they can be generated automatically if sufficiently automated access control mechanisms are in place. Consider monitoring entry points with CCTV and comparing the audit trails and access logs with the visually recorded history of the events. These records are useful for reconstructing the events of an intrusion, breach, or attack.

Power supplied by electric companies is not always consistent and clean. Most electronic equipment demands clean power in order to function properly. Equipment damage because of power fluctuations is a common occurrence. Many organizations opt to manage their own power through several means. A UPS is a type of self-charging battery that can be used to supply consistent clean power to sensitive equipment. UPSs also provide continuous power even after the primary power source fails. A UPS can continue to supply power for minutes or hours depending on its capacity and the draw of the equipment.

As they relate to power…
Define Fault: In an electric power system, a fault is any abnormal electric current. For example, a short circuit is a fault in which current bypasses the normal load. An open-circuit fault occurs if a circuit is interrupted by some failure. In three-phase systems, a fault may involve one or more phases and ground, or may occur only between phases. In a “ground fault” or “earth fault”, charge flows into the earth. The prospective short-circuit current of a fault can be calculated for power systems. In power systems, protective devices detect fault conditions and operate circuit breakers and other devices to limit the loss of service due to a failure.
Define Blackout: A power outage (also known as a power cut, power failure, power loss, or blackout) is a short- or long-term loss of electric power to an area.
Define Sag: A sag is a momentary drop in power. It involves voltages 80 to 85 percent below normal for short periods.
Define Brownout: A brownout is an intentional or unintentional drop in voltage in an electrical power supply system. Intentional brownouts are used for load reduction in an emergency. The reduction lasts for minutes or hours, as opposed to a short-term voltage sag or dip.
Define Spike: In electrical engineering, spikes are fast, short-duration electrical transients in voltage (voltage spikes), current (current spikes), or transferred energy (energy spikes) in an electrical circuit.
Define Inrush: Inrush current or input surge current refers to the maximum instantaneous input current drawn by an electrical device when it is first turned on.
Define Noise: A steady, interfering power disturbance or fluctuation.
Define Transient: A short-duration line noise disturbance.
Define Clean: Nonfluctuating, pure power.
Define Ground: The wire in a circuit that is grounded.

In addition to power considerations, maintaining the environment involves control over the HVAC mechanisms. Rooms containing primarily computers should be kept at 60 to 75 degrees Fahrenheit or 15 to 23 degrees Celsius.

Humidity in a computer room should be maintained between 40 and 60 percent. Too much humidity causes corrosion and too little causes static electricity.

It is possible to generate a 20,000-volt static discharge on nonstatic carpeting if the humidity is too low.

Water leakage and flooding should be addressed in your environmental safety policy and procedures. Plumbing leaks are not an everyday occurrence, but when they occur they often cause significant damage. Water and electricity don’t mix. Whenever possible, locate server rooms and critical computer equipment away from any water source or transport pipes.

Fire detection and suppression must not be overlooked. Protecting personnel from harm should always be the most important goal of any security or protection system. In addition to protecting people, fire detection and suppression is designed to keep damage caused by a fire, smoke, heat, and suppression materials to a minimum, especially in regard to the IT infrastructure.

The destructive elements of a fire include smoke and heat but also the suppression medium, such as water or soda acid. Smoke is damaging to most storage devices. Heat can damage any electronic or computer component. Suppression mediums can cause short circuits, initiate corrosion, or otherwise render equipment useless. All of these issues must be addressed when designing a fire response system.

In all circumstances and under all conditions, the most important aspect of security is protecting people. Thus, preventing harm to people is the most important goal for all security solutions.

18. Exam Essentials for Incidents and Ethics

Computer crime is a crime that is directed against, or directly involves, a computer.

Computer crimes are grouped into six categories: military, business, financial, terrorist, grudge, and thrill.

As soon as you discover an incident, you must begin to collect evidence and as much information about the incident as possible. The evidence should be treated in a way that allows it to be legally used in court. Evidence collection can also assist you in determining the extent of damage.

Incidents should be defined in your security policy. Even though specific incidents may not be outlined, the existence of the policy sets the standard for the use of your system. An incident is any event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization’s data.

An incident occurs when an attack or other violation of your security policy is carried out against your system. Incidents can be grouped into four categories: scanning, compromises, malicious code and DoS/DDoS.

Attacks will generate some activity that is not normal. Recognizing abnormal and suspicious activity is the first step toward detecting incidents.

You must have possession of equipment, software, or data to analyze it and use it as evidence. You must acquire the evidence without modifying it or allowing anyone else to modify it.

There are three basic alternatives for confiscating evidence.
First, the person who owns the evidence could voluntarily surrender it. Second, a subpoena could be used to compel the subject to surrender the evidence. Third, a search warrant is most useful when you need to confiscate evidence without giving the subject an opportunity to alter it.

Use logging and retain the logs for a reasonable amount of time, as it may take a while to realize that an incident has occurred.

Establish a working relationship with the corporate and law enforcement personnel with whom you will work to resolve an incident. When you have a need to report an incident, gather as much descriptive information as possible and make your report in a timely manner.

To be admissible, evidence must be relevant to a fact at issue in the case, the fact must be material to the case, and the evidence must be competent or legally collected.

Real evidence consists of actual objects that can be brought into the courtroom. Documentary evidence consists of written documents that provide insight into the facts. Testimonial evidence consists of verbal or written statements made by witnesses.

Security practitioners are granted a very high level of authority and responsibility to execute their job functions. The potential for abuse exists, and without a strict code of personal behaviour, security practitioners could be regarded as having unchecked power. Adherence to a code of ethics helps ensure that such power is not abused.

RFC 1087 addresses ethics, and (ISC)² has a code of ethics that CISSP candidates must subscribe to.

17. Exam Essentials for Laws, Regulations, and Compliance

The differences between criminal law, civil law, and administrative law are:
Criminal law protects society against acts that violate the basic principles we believe in. Violations of criminal law are prosecuted by federal and state governments.

Civil law provides the framework for the transaction of business between people and organizations.

Violations of civil law are brought to the court and argued by the two affected parties. Administrative law is used by government agencies to effectively carry out their day-to-day business.

The Computer Fraud and Abuse Act protects computers used by the government or in interstate commerce from a variety of abuses. The Computer Security Act outlines steps the government must take to protect its own systems from attack. The Government Information Security Reform Act further develops the federal government information security program.

Copyrights protect original works of authorship, such as books, articles, poems, and songs. Trademarks are names, slogans, and logos that identify a company, product, or service. Patents provide protection to the creators of new inventions. Trade secret law protects the operating secrets of a firm.

The Digital Millennium Copyright Act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.

The Economic Espionage Act provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government.

Contractual license agreements are written agreements between a software vendor and user. Shrink-wrap agreements are written on software packaging and take effect when a user opens the package. Click-wrap agreements are included in a package but require the user to accept the terms during the software installation process.

The Uniform Computer Information Transactions Act provides a framework for the enforcement of shrink-wrap and click-wrap agreements by federal and state governments.

No high-performance computers or encryption technology may be exported to tier 4 countries. The export of hardware capable of operating in excess of 0.75 weighted teraflops to tier 3 countries must be approved by the Department of Commerce. New rules permit the easy exporting of “mass market” encryption software.

The United States has a number of privacy laws that affect the government’s use of information as well as the use of information by specific industries, such as financial services companies and health-care organizations that handle sensitive information. The EU has a more comprehensive directive on data privacy that regulates the use and exchange of personal information.

Most organizations are subject to a wide variety of legal and regulatory requirements related to information security. Building a compliance program ensures that you become and remain compliant with these often overlapping requirements.

The expanded use of cloud services by many organizations requires added attention to conducting reviews of information security controls during the vendor selection process and as part of ongoing vendor governance.

16. Exam Essentials for Disaster Recovery Planning

Natural disasters that commonly threaten organizations include earthquakes, floods, storms, fires, tsunamis, and volcanic eruptions.

Explosions, electrical fires, terrorist acts, power outages, other utility failures, infrastructure failures, hardware/software failures, labor difficulties, theft, and vandalism are all common man-made disasters.

The common types of recovery facilities are cold sites, warm sites, hot sites, mobile sites, service bureaus, and multiple sites. Be sure you understand the benefits and drawbacks of each type of facility. The better the facility, the more expensive it is.

Mutual assistance agreements (MAAs) provide an inexpensive alternative to disaster recovery sites, but they are not commonly used because they are difficult to enforce. Organizations participating in an MAA may also be shut down by the same disaster, and MAAs raise confidentiality concerns.

Databases benefit from three backup technologies. Electronic vaulting is used to transfer database backups to a remote site as part of a bulk transfer. In remote journaling, data transfers occur on a more frequent basis. With remote mirroring technology, database transactions are mirrored at the backup site in real time.

The five types of disaster recovery plan tests are:

  1. Checklist tests
  2. Structured walk-throughs
  3. Simulation tests
  4. Parallel tests
  5. Full-interruption tests

Checklist tests are purely paperwork exercises, whereas structured walk-throughs involve a project team meeting. Neither has an impact on business operations. Simulation tests may shut down noncritical business units. Parallel tests involve relocating personnel but do not affect day-to-day operations. Full-interruption tests involve shutting down primary systems and shifting responsibility to the recovery facility.

15. Exam Essentials for Business Continuity Planning

Business continuity planning involves four distinct phases: project scope and planning, business impact assessment, continuity planning, and approval and implementation. Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency situation.

In the business organization analysis, the individuals responsible for leading the BCP process determine which departments and individuals have a stake in the business continuity plan. This analysis is used as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development.

The BCP team should contain, at a minimum, representatives from each of the operational and support departments; technical experts from the IT department; security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management. Additional team members depend on the structure and nature of the organization.

Business leaders must exercise due diligence to ensure that shareholders’ interests are protected in the event disaster strikes. Some industries are also subject to federal, state, and local regulations that mandate specific BCP procedures. Many businesses also have contractual obligations to their clients that must be met, before and after a disaster.

The five steps of the business impact assessment process are identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization.

During the strategy development phase, the BCP team determines which risks will be mitigated. In the provisions and processes phase, mechanisms and procedures that will mitigate the risks are designed. The plan must be approved by senior management and implemented. Personnel must also receive training on their roles in the BCP process.

Committing the plan to writing provides the organization with a written record of the procedures to follow when disaster strikes. It prevents the “it’s in my head” syndrome and ensures the orderly progress of events in an emergency.

14. Exam Essentials for Incident Management

Incident response steps are specifically listed in the CIB as:

  1. Detection
  2. Response
  3. Reporting
  4. Recovery
  5. Remediation and Review

Once an incident is detected, the first response should be to limit or contain the scope of the incident while protecting evidence. Based on governing laws, the incident may need to be reported to official authorities, and if PII is affected, individuals need to be informed. The remediation and review stage includes root cause analysis to determine the cause and recommend a solution to prevent recurrence.

Basic preventive measures can prevent many incidents from occurring, and they are repeated often: keeping systems up to date, removing or disabling unneeded protocols and services, using antivirus software, enabling firewalls, and using IDSs.

Malicious code is thwarted with a combination of tools. Updated antivirus is the primary tool on each system, at the boundary of the network and on email servers.

Don’t forget about policies enforcing basic security principles such as least privilege to prevent regular users from installing software that may be malicious. Additionally, educating users about the risks and the methods attackers commonly use to spread viruses helps users understand and avoid dangerous behaviors.

A zero-day exploit is an attack that uses a vulnerability that is either unknown to anyone but the attacker or known only to a limited group of people. On the surface, it sounds like you can’t protect against an unknown vulnerability, but basic security practices go a long way toward preventing zero-day exploits. Removing or disabling unneeded protocols and services reduces the attack surface, enabling firewalls blocks many access points, and using intrusion detection systems helps detect potential attacks. Additionally, using tools such as honeypots and padded cells helps protect live networks.

DoS attacks prevent a system from responding to legitimate requests for service. A common DoS attack still used is the SYN flood attack, which disrupts the TCP three-way handshake. Even though older attacks are not as common today because basic precautions block them, you may still be tested on them because many newer attacks are often variations on older methods. Smurf attacks employ an amplification network to send numerous response packets to a victim. Ping-of-death attacks send numerous oversized ping packets to the victim, causing the victim to freeze, crash, or reboot.

Botnets represent significant threats due to the massive number of computers that can launch attacks, so it’s important to know what they are.

A botnet is a collection of compromised PCs organized in a network controlled by a criminal known as a bot herder. Bot herders use a command and control server to remotely control the zombies and often use the botnet to launch attacks on other systems or send spam or phishing emails. Bot herders also rent botnet access out to other criminals.

A man in the middle attack occurs when a malicious user is able to gain a position between the two endpoints of a communications link. While it takes a significant amount of sophistication on the part of an attacker to complete a man in the middle attack, the amount of data obtained from the attack can be significant.

Malicious insiders can perform sabotage against an organization if they become disgruntled for some reason. Espionage is when a competitor tries to steal information, and they may use an internal employee. Basic security principles and immediately disabling accounts for terminated employees limit the damage from these employees.

IDSs and IPSs are important detective and preventive measures against attacks.

Knowledge-based IDSs use a database of known attack signatures. Behavior-based IDSs use a baseline of normal activity to define what is normal and flag deviations from it.

An IDS can respond passively by logging and sending notifications, or actively by changing the environment. Some people refer to an active IDS as an IPS, but it’s important to recognize that an IPS is placed in line with the traffic and includes the ability to block malicious traffic before it reaches the target.

HIDS can monitor activity on a single system only and can be discovered by attackers and disabled. NIDS can monitor activity on a network and aren’t as visible to attackers.
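As an added illustration of the knowledge-based versus behavior-based distinction and of passive versus active (in-line IPS) responses, here is a small Python detector run over constructed access-log lines. It is example code written for these notes, not from the study guide or any IDS product; the log format, the two signatures, and the mean-plus-3σ threshold are assumptions.

```python
"""Knowledge-based vs. behavior-based intrusion detection, with passive and active
(IPS-style, in-line) responses, run over constructed web-server access-log lines."""
import re
import statistics
from collections import Counter
from typing import NamedTuple

# Constructed sample lines (not captured traffic): "<source-ip> <method> <path> <status>".
# BASELINE_LOG stands in for a quiet training window used to define "normal".
BASELINE_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.7 GET /index.html 200",
    "10.0.0.7 GET /contact.html 200",
    "10.0.0.7 GET /about.html 200",
    "10.0.0.8 GET /index.html 200",
]
# OBSERVED_LOG holds one request matching a known signature and one source hammering
# the login page, which no signature covers but which is far outside the baseline.
OBSERVED_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.9 GET /files/../../etc/passwd 404",
    "10.0.0.7 GET /about.html 200",
] + ["10.0.0.12 POST /login 401"] * 20

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


class Alert(NamedTuple):
    source: str
    detector: str  # "knowledge" or "behavior"
    detail: str


def parse(line):
    """Split one log line into (source, method, path, status)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.group(1), m.group(2), m.group(3), int(m.group(4))


# Knowledge-based detection: a database of patterns for attacks that are already known.
SIGNATURES = [
    ("path traversal", re.compile(r"(\.\./|%2e%2e)", re.IGNORECASE)),
    ("sql injection probe", re.compile(r"('|%27).*(union|select|or\s+1=1)", re.IGNORECASE)),
]


def knowledge_based(lines):
    """Flag any request whose path matches a known-bad signature."""
    alerts = []
    for line in lines:
        source, _method, path, _status = parse(line)
        for name, pattern in SIGNATURES:
            if pattern.search(path):
                alerts.append(Alert(source, "knowledge", name))
    return alerts


def build_baseline(lines):
    """Mean and population std-dev of requests per source over the training window."""
    per_source = list(Counter(parse(l)[0] for l in lines).values())
    return statistics.mean(per_source), statistics.pstdev(per_source)


def behavior_based(lines, baseline, k=3.0):
    """Flag sources whose request count exceeds mean + k*stdev of the baseline.
    A floor of 1.0 on the deviation keeps a perfectly uniform baseline from alerting on everything."""
    mean, stdev = baseline
    threshold = mean + k * max(stdev, 1.0)
    counts = Counter(parse(l)[0] for l in lines)
    return [Alert(src, "behavior", f"{n} requests, threshold {threshold:.1f}")
            for src, n in counts.items() if n > threshold]


def passive_response(alerts):
    """Passive IDS response: log and notify; the traffic itself is untouched."""
    return [f"ALERT [{a.detector}] {a.source}: {a.detail}" for a in alerts]


def active_response(alerts):
    """Active response: turn alerts into a blocklist of sources (sorted for stable output)."""
    return sorted({a.source for a in alerts})


def inline_filter(lines, blocklist):
    """IPS behaviour: sitting in line, drop traffic from blocked sources before it reaches the target."""
    return [l for l in lines if parse(l)[0] not in blocklist]


def run(baseline_log=BASELINE_LOG, observed_log=OBSERVED_LOG):
    """Run both detectors and both response styles; returns (alerts, blocklist, traffic passed)."""
    alerts = knowledge_based(observed_log) + behavior_based(observed_log, build_baseline(baseline_log))
    blocklist = active_response(alerts)
    return alerts, blocklist, inline_filter(observed_log, blocklist)


if __name__ == "__main__":
    alerts, blocklist, passed = run()
    print("\n".join(passive_response(alerts)))
    print("blocklist:", blocklist, "| requests passed:", len(passed), "of", len(OBSERVED_LOG))
```

The traversal request is caught only by the signature database, and the login hammering only by the baseline comparison, which is the point of running both.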

A honeypot is a system that often uses pseudo flaws and fake data to lure intruders. Administrators can observe the activity of attackers while they are in the honeypot, and as long as attackers are in the honeypot, they are not in the live network. Some IDSs have the ability to transfer attackers into a padded cell after detection. While a honeypot and a padded cell are similar, note that a honeypot lures the attacker, whereas the attacker is transferred into the padded cell.

Penetration tests start by discovering vulnerabilities and then mimic an attack to identify what vulnerabilities can be exploited. It’s important to remember pen tests should not be done without express consent and knowledge from management.

Additionally, since pen tests can result in damage, they should be done on isolated systems whenever possible. Remember black box vs. white box vs. gray box testing.

Fault tolerance is a common method used to eliminate single points of failure and increase availability. RAID protects against disk failures, failover clusters protect against server failures, and UPSs and generators protect against power failures. It’s important to remember that fault tolerance does not negate the need for backups.

13. Exam Essentials for Security Operations

Need to know and the principle of least privilege are two standard IT security principles implemented in secure networks. They limit access to data and systems so that users and other subjects have access only to what they require. When these principles are not followed, security incidents result in far greater damage to an organization.

Separation of duties is a basic security principle that ensures that no single person can control all the elements of a critical function or system.

With job rotation, employees are rotated into different jobs, or tasks are assigned to different employees.

Collusion is an agreement among multiple persons to perform some unauthorized or illegal actions.

Privileged entities are trusted, but they can abuse their privileges. Because of this, it’s important to monitor all assignment of privileges and the use of privileged operations.

Sensitive information is any type of classified information, and proper management helps prevent unauthorized disclosure resulting in a loss of confidentiality.

Proper management includes marking, handling, storing, and destroying sensitive information. The two areas where organizations often miss the mark are adequately protecting backup media holding sensitive information and sanitizing media or equipment when it is at the end of its life cycle.

Record retention policies ensure that data is kept in a usable state while it is needed and destroyed when it is no longer needed. Many laws and regulations mandate keeping data for a specific amount of time, but in the absence of formal regulations, organizations specify the retention period within a policy. Audit trail data needs to be kept long enough to reconstruct past incidents, but the organization must identify how far back it wants to investigate. A current trend with many organizations is to reduce legal liabilities by implementing short retention policies for email.

Patch management ensures that systems are kept up to date with current patches. You should know that an effective patch management program will evaluate, test, approve, and deploy patches. Additionally, be aware that system audits verify the deployment of approved patches to systems. Patch management is often intertwined with change and configuration management to ensure that documentation reflects the changes. When an organization does not have a patch management program, it will often experience outages and incidents from known issues that could have been prevented.

Vulnerability management includes routine vulnerability scans and periodic vulnerability assessments. Vulnerability scanners are used to detect known security vulnerabilities and weaknesses such as the absence of patches or weak passwords. They are used to generate reports that indicate the technical vulnerabilities of a system and are an effective check for a patch management program. Vulnerability assessments extend beyond just technical scans and can include reviews and audits to detect vulnerabilities.

Many outages and incidents can be prevented with effective configuration and change management programs. Configuration management ensures that systems are configured similarly and the configuration of systems are known and documented. Baselining ensures that systems are deployed with a common baseline or starting point, and imaging is a common baselining method. Change management helps reduce outages or weakened security from unauthorized changes. A change management process requires changes to be requested, approved, and documented. Versioning uses a labeling or numbering system to track changes in updated versions of software.

Security audits and reviews help ensure that management programs are effective and being followed. They are commonly associated with account management practices and prevent violations of the least privilege or need-to-know principles. However, they can also be performed to oversee patch management, vulnerability management, change management, and configuration management programs.

12. Exam Essentials for Security Architecture, Vulnerabilities, Threats, and Countermeasures

What is multitasking? It is the simultaneous execution of more than one application on a computer and is managed by the operating system.
What is multithreading? Multithreading permits multiple concurrent tasks to be performed within a single process.
What is multiprocessing? It is the use of more than one processor to increase computing power.
What is multiprogramming? It is similar to multitasking but takes place on mainframe systems and requires specific programming.

Single State Processors are capable of operating at only one security level at a time. Multistate processors can simultaneously operate at multiple security levels.

Four security modes approved by the federal government for processing information are:
Dedicated systems require that all users have appropriate clearance, access permissions, and need to know for all information stored on a system.
System high mode removes the need-to-know requirement and the access permission requirement. Multilevel mode removes all three requirements.

Two layered operating modes are used by most modern processors:
User applications operate in a limited instruction set environment known as user mode. The operating system performs controlled operations in privileged mode, also known as system mode, kernel mode, and supervisory mode.

Types of memory in a computer:
ROM: nonvolatile and can’t be written to by the user.
PROM: can be written to by the user.
EPROM: may be erased using ultraviolet light and then have new data written to it.
EEPROM: can be erased with electrical current and then have new data written to it.
RAM: volatile; it loses its contents when the computer is off.

Security issues surrounding memory components:
There are three main security issues:
Data may remain on the chip after power is removed.
Memory chips are highly pilferable.
Access to memory in a multiuser system must be controlled.

Describe the different characteristics of storage devices used by computers:
Primary storage is the same as memory.
Secondary storage consists of magnetic and optical media that must first be read into primary memory before the CPU can use the data.
Random access storage devices can be read at any point, whereas sequential access devices require scanning through all the data physically stored before the desired location.

There are three main security issues surrounding secondary storage devices: removable media can be used to steal data, access controls must be applied to protect data, and data can remain in media after file deletion or media formatting.

Understand the security risks that input and output devices can pose.
They are subject to eavesdropping and tapping, can be used to smuggle data out of an organization, or can be used to create unauthorized, insecure points of entry into an organization’s systems and networks. Be prepared to recognize and mitigate such vulnerabilities.

Working with legacy PC devices requires some understanding of IRQs, DMA, and memory-mapped I/O. Be prepared to recognize and work around potential address conflicts and misconfigurations and to integrate legacy devices with Plug and Play counterparts.

Firmware is the software stored on a ROM chip. At the computer level, it contains the basic instructions to start a computer. Firmware is used to provide operating instructions in peripheral devices such as printers.

Process isolation ensures that individual processes can access only their own data.
Layering creates different realms of security within a process and limits communication between them.
Abstraction creates “black-box” interfaces for programmers to use without requiring knowledge of an algorithm’s or device’s inner workings.
Data hiding prevents information from being read from a different security level.
Hardware segmentation enforces process isolation and physical controls.

The role of a security policy is to inform and guide the design, development, implementation, testing, and maintenance of some particular system.

Cloud computing is a popular term referring to a concept of computing where processing and storage are performed elsewhere over a network connection rather than locally. It is also known as Internet-based computing.

Least privilege ensures that only a minimum number of processes are authorized to run in supervisory mode.
Separation of privilege increases the granularity of secure operations. Accountability ensures that an audit trail exists to trace operations back to their source.

Avoiding single points of failure includes incorporating fault-tolerant systems and solutions into an environment’s design. Fault-tolerant systems include redundant or mirrored systems, TFTP servers, and RAID. You should also address power issues and maintain a backup solution.

A covert channel is any method that is used to pass information but that is not normally used for information.

A buffer overflow occurs when the programmer fails to check the size of input data prior to writing the data into a specific memory location. In fact, any failure to validate input data could result in a security violation.
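As an added example (not code from the original notes), here is the missing size check in its vulnerable and hardened forms. The record format is constructed for the demo: one length byte followed by that many payload bytes, copied into a 16-byte buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record format for the example: one length byte followed by
 * that many payload bytes. The payload is copied into a 16-byte buffer. */
#define PAYLOAD_MAX 16

/* Vulnerable: the length byte is trusted. A record whose first byte says
 * 200 makes memcpy write 200 bytes into a 16-byte destination, and the
 * terminating NUL lands 200 bytes past the start of the buffer. */
void read_payload_unchecked(const uint8_t *rec, char out[PAYLOAD_MAX]) {
    uint8_t len = rec[0];
    memcpy(out, rec + 1, len);   /* no comparison against PAYLOAD_MAX */
    out[len] = '\0';
}

/* Hardened: validate the claimed length against the destination size and
 * against the bytes actually present before anything is written. Oversize
 * or truncated records are rejected rather than silently clipped, so the
 * caller sees the bad input instead of a partial value.
 * Returns the payload length, or -1 if the record is rejected. */
int read_payload_checked(const uint8_t *rec, size_t rec_len,
                         char out[PAYLOAD_MAX]) {
    if (rec_len < 1) return -1;                 /* no length byte at all */
    uint8_t len = rec[0];
    if (len >= PAYLOAD_MAX) return -1;          /* no room for payload + NUL */
    if ((size_t)len + 1 > rec_len) return -1;   /* claims more than present */
    memcpy(out, rec + 1, len);
    out[len] = '\0';
    return len;
}

/* Runs the checked parser over three constructed records: a well-formed
 * one, one with a hostile length byte, and one whose length exceeds the
 * bytes present. Returns 0 when every case is handled as intended. */
int payload_check_demo(void) {
    char out[PAYLOAD_MAX];
    const uint8_t good[]      = { 5, 'h', 'e', 'l', 'l', 'o' };
    const uint8_t oversize[]  = { 200, 'A', 'A', 'A' };
    const uint8_t truncated[] = { 5, 'h', 'i' };
    if (read_payload_checked(good, sizeof good, out) != 5) return 1;
    if (strcmp(out, "hello") != 0) return 2;
    if (read_payload_checked(oversize, sizeof oversize, out) != -1) return 3;
    if (read_payload_checked(truncated, sizeof truncated, out) != -1) return 4;
    return 0;
}
```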

In addition to buffer overflows, programmers can leave back doors and privileged programs on a system after it is deployed. Even well-written systems can be susceptible to time-of-check-to-time-of-use (TOCTTOU) attacks. Any state change could be a potential window of opportunity for an attacker to compromise a system.
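As an added example (not code from the original notes), the check-then-use pattern behind a TOCTTOU window is shown beside the use-then-check form that closes it by validating the descriptor that was actually opened. The temporary file and symlink names are constructed for the demo.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: the path is checked, then opened later. Anything that changes what
 * the path refers to between the two calls is not seen by the check. */
int open_checked_racy(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* check */
    return open(path, O_RDONLY);                                   /* use */
}

/* Fixed: open first with O_NOFOLLOW, then inspect the descriptor itself.
 * fstat() describes the object actually opened, so there is no window
 * between the decision and the access. */
int open_checked_safe(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Self-contained demo: a regular temp file plus a symlink pointing at it.
 * The racy version follows the link because stat() and open() both resolve
 * it; the safe version refuses the link but accepts the real file.
 * Returns 0 when all three calls behave as described. */
int toctou_demo(void) {
    char file[] = "/tmp/toctou_demo_XXXXXX";   /* constructed sample file */
    int fd = mkstemp(file);
    if (fd < 0) return 1;
    close(fd);
    char link[64];
    snprintf(link, sizeof link, "%s.lnk", file);
    unlink(link);
    if (symlink(file, link) != 0) { unlink(file); return 2; }
    int racy   = open_checked_racy(link);   /* >= 0: link silently followed */
    int safe   = open_checked_safe(link);   /* -1: symlink rejected at open */
    int direct = open_checked_safe(file);   /* >= 0: the real file is fine */
    int rc = (racy >= 0 && safe == -1 && direct >= 0) ? 0 : 3;
    if (racy >= 0) close(racy);
    if (direct >= 0) close(direct);
    unlink(link); unlink(file);
    return rc;
}
```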

11. Exam Essentials for Principles of Security Models, Design, and Capabilities

Know the details about each of the access control models and their functions:
The state machine model ensures that all instances of subjects accessing objects are secure.
The information flow model is designed to prevent unauthorized, insecure, or restricted information flow.
The noninterference model prevents the actions of one subject from affecting the system state or actions of another subject.
The Take-Grant model dictates how rights can be passed from one subject to another or from a subject to an object.
An access control matrix is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object.
Bell-LaPadula subjects have a clearance level that allows them to access only those objects with corresponding classification levels and below, and access at the current level is also based on need to know.
Biba prevents subjects with lower security levels from writing to objects at higher security levels.
Clark-Wilson is an integrity model that relies on auditing to ensure that unauthorized subjects cannot access objects and that authorized users access objects properly.
Biba and Clark-Wilson enforce integrity.
Goguen-Meseguer and Sutherland focus on integrity.
Graham-Denning focuses on the secure creation and deletion of both subjects and objects.
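As an added example (not code from the original notes), the Bell-LaPadula and Biba rules above are written out as label comparisons. The levels and compartment bits are constructed for the demo; the compartment check is the need-to-know part of Bell-LaPadula, so this goes slightly beyond the single-level rule stated in the notes.

```c
#include <stdbool.h>

/* Constructed sensitivity levels, ordered low to high. For Biba the same
 * scale is read as integrity levels. */
enum level { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };
enum op { OP_READ, OP_WRITE };

/* A label is a level plus a set of compartments (one bit per compartment).
 * Label a dominates label b when a's level is at least b's and a holds
 * every compartment b holds; the compartment part is the need-to-know
 * element of Bell-LaPadula. */
struct label { enum level level; unsigned compartments; };

bool dominates(struct label a, struct label b) {
    return a.level >= b.level &&
           (a.compartments & b.compartments) == b.compartments;
}

/* Bell-LaPadula (confidentiality):
 *   simple security property: no read up    -> subject must dominate object
 *   star (*) property:        no write down -> object must dominate subject
 * Writing up is allowed because it cannot disclose anything downward. */
bool blp_allows(struct label subject, struct label object, enum op op) {
    return op == OP_READ ? dominates(subject, object)
                         : dominates(object, subject);
}

/* Biba (integrity) is the mirror image:
 *   simple integrity axiom: no read down -> object must dominate subject
 *   star integrity axiom:   no write up  -> subject must dominate object
 * so a high-integrity subject never consumes, and is never modified by,
 * lower-integrity data. */
bool biba_allows(struct label subject, struct label object, enum op op) {
    return op == OP_READ ? dominates(object, subject)
                         : dominates(subject, object);
}
```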

Know the definitions of certification and accreditation.
Certification is the technical evaluation of each part of a computer system to assess its concordance with security standards.
Accreditation is the process of formal acceptance of a certified configuration from a designated authority.

Describe open and closed systems
Open systems are designed using industry standards and are usually easy to integrate with other open systems.
Closed systems are generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems.

Confinement, Bounds, and Isolation
Confinement restricts a process to reading from and writing to certain memory locations.
Bounds are the limits of memory a process cannot exceed when reading or writing.
Isolation is the mode a process runs in when it is confined through the use of memory bounds.

Objects and Subjects
Subjects are users or processes that make requests for access to a resource.
Objects are the resources being requested.
Security controls use access rules to limit access by a subject to an object.

Here is a list of the equivalent classes of the TCSEC, ITSEC, and Common Criteria.
TCSEC  ITSEC     Common Criteria  Description
D      F-D+E0    EAL0, EAL1       Minimal/no protection
C1     F-C1+E1   EAL2             Discretionary security mechanisms
C2     F-C2+E2   EAL3             Controlled access protection
B1     F-B1+E3   EAL4             Labeled security protection
B2     F-B2+E4   EAL5             Structured security protection
B3     F-B3+E5   EAL6             Security domains
A1     F-B3+E6   EAL7             Verified security design

A TCB or Trusted Computing Base is the combination of hardware, software, and controls that form a trusted base that enforces the security policy.

A security perimeter is the imaginary boundary that separates the TCB from the rest of the system. TCB components communicate with non-TCB components using trusted paths.

The reference monitor is a logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access. The security kernel is the collection of the TCB components that implement the functionality of the reference monitor.

Common security capabilities include memory protection, virtualization, and trusted platform module (TPM).