Aggregation versus Inference

 Aggregation & Inference could be confused in CISSP test questions. 

Aggregation is when one can, by simply aggregating data of a lower security level, obtain information of higher security level. For example, if a clerk has access to all transfer individual transfer information of military personnel, using aggregate feature of database, he can also extract the number of personnel in each base. He does not have to deduce anything but just simply aggregate. 

Inference requires a bit of deduction. For example, if a clerk has access to sum of salaries of all personnel in a company in each month, in addition to hire and termination dates of individuals, he can work and infer salaries of each individual whose hire and/or termination date(s) is known to the clerk.   

Air Gapping

 Air gapping is a network security measure that isolates an environment from other environment. 

For example, development, test and production environments could be isolated from each other so that code being developed and in different stages are protected and separated from each other. 

TCSEC (Orange Book) Divisions

 From Wikipedia - Orange book: 

Document	Title	Date	Color
5200.28-STD	DoD Trusted Computer System Evaluation Criteria	August 15, 1983	Orange

Divisions and classes are defined as the following: 

• 2.1D – Minimal protection
• 2.2C – Discretionary protection
• 2.3B – Mandatory protection
• 2.4A – Verified protection
  
  

NOTE: A (verified) has the highest security!

Calculating Annual Loss Expectancy (ALE)

ALE is calculated using the following parameters: 

• Asset value, e.g. the cost of a server or the cost to rebuilt a database. 
• Annualized Rate of Occurrence (ARO). For example, if a a threat, e.g. natural disaster like flood or a man made disaster, intentional or unintentional, like fire, occurs once every 10 years, the rate will be 1/10=0.1
•  Exposure factor: the percentage of damage each time threat occurs. 

Single Loss Expectancy (SLE) = Asset Value * Exposure Factor

ALE= SLE * ARO 

For example, to calculate ALE for a data centre, valued at $100,000 as the result of a flood,  

• in an area where a flood occurs once every 20 years (ARO of 1/20=0.05)
• and if occurs the damage to a data center is 55% (exposure factor of 0.55)

            SLE = $100,00 * 0.55 = $55,000 

            ALE = SLE * 0.05 = $2,750

Metropolitan Area Networks (MANs)

 Metropolitan Area Networks (MANs) usuaully use Synchronous optical networking (SONET) or Fiber Distributed Data Interface (FDDI) technologies as their backbone. 

Both technologies use fiber as their physical medium. 

FDDI was used in local area networks previously to achieve high speeds. However, the use of FDDI has been made obsolete in local networks by Fast Ethernet; Fast Ethernet offers same 100 Mbit/s speeds, but at a much lower cost, since 1998, when Gigabit Ethernet offered Fast Ethernet. 

SONET and synchronous digital hierarchy (SDH) are the same; they are standardized protocols that transfer multiple digital bit streams synchronously over optical fiber. At low transmission rates data can also be transferred via an electrical interface instead of optic. The protocol(s) was developed as a replacement to the plesiochronous digital hierarchy (PDH) system for transporting large amounts of telephone calls and data traffic over the same fiber and overcame the problems of synchronization existed in PDH systems.