24 Questions
What is a characteristic of Primary Security Services?
They are wholly embedded within a domain element
What is the purpose of Secondary Security Services?
To secure the communications between elements in a domain
What is an example of Primary Security Services?
A service that provides confidentiality to an application element
What is a key difference between Primary and Secondary Security Services?
Primary services operate within an element, while secondary services operate between elements
What is the scope of Primary Security Services?
Within a single element
What is the deployment characteristic of Secondary Security Services?
Has a secondary deployment such as in layer 7 of the OSI stack
What is an example of the functionality provided by Primary Security Services?
Confidentiality
What is the primary focus of Secondary Security Services?
Securing the communication between elements
What is implied by an authorisation service?
An authentication service, mechanisms, components, and activities
What is the primary purpose of user authentication for external connections?
To control access by remote users and associate domains
At how many different domain levels should appropriate authentication methods be implemented?
At least three different domain levels
What is necessary for inter-domain security?
A means of associating the domains together
Which of the following is a component of an authorisation service?
Mechanisms, components, and activities
What is the purpose of authentication mechanisms in an authorisation service?
To authenticate users and authorise access
What is the primary characteristic of implicit security services?
They secure the domain from within
What is an example of an explicit security service?
Requesting service from common services domain through an API
What is the role of application adaptors in the context of an enterprise common security API?
To convert the calls from 3rd party applications into those of the ECSS
What is the difference between primary and secondary services in the context of implicit security services?
Both primary and secondary services are implicit
How do explicit security services interact with other domains?
They are explicitly requested from one domain to another
What is the purpose of an enterprise common security API?
To enable cross-domain security services
What is an example of a domain that may request explicit security services?
Applications domain
How do implicit security services differ from explicit security services?
Implicit services are requested from one domain to another, while explicit services secure the domain from within
What is the benefit of using an enterprise common security API?
It enables cross-domain security services
What is the relationship between domains in the context of explicit security services?
One domain requests service from another domain
Study Notes
Implicit Security Services
- Implicit security services secure the domain from within
- They are not explicitly requested from one domain to another
- Example: Providing 'application security' from within the applications domain
Explicit Security Services
- Explicit security services are explicitly requested from one domain to another
- They secure one domain by delivering service from another domain
- Example: Applications domain requests service from common services domain through an API
Enterprise Common Security API
- Application Adaptors are software modules that convert calls from 3rd party applications into those of the ECSS
- They enable communication between Enterprise Applications and Third-Party Vendors
Primary Security Services
- Primary security services are wholly embedded within a domain element
- They provide security functionality that secures the element
- Example: A primary service wholly contained within an application element secures the application to specified functionality (such as confidentiality)
Secondary Security Services
- Secondary security services operate between elements in a domain
- They secure the communications between the elements
- Example: A secondary service between elements in an application domain secures the communication between them to specified functionality (such as confidentiality)
Additional Security Concepts
- Authentication services are required to control access by remote users and to associate domains together
- Appropriate authentication methods should be used to control access by remote users
- Authentication mechanisms should be implemented on at least three different domain levels (external users & networks, & internal networks)
This quiz covers implicit security services that secure a domain from within. It's an important concept in the field of information security.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
