Which of the following is the most crucial element used in the mandatory access control? (Wentz QOTD)
A. Access control matrix
B. Capability table
C. Access control list
D. Security clearance

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Security clearance.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

A picture is worth a thousand words. The Access Control Matrix can be treated as the logical “repository” of authorization data (rights and permissions), composed of access control lists from the object’s perspective and capability tables from the subject’s perspective. It reflects the owner’s discretion at authorization. However, not every system implements a full construct of the access control matrix. For example, Microsoft’s Printer, Shared Folders, and NTFS permissions are ACL-based.

On the contrary, a mandatory access control mechanism typically relies on matching “labels,” aka lattice-based. After being classified, a resource or object is marked for identification and labeled for access control in a trusted computer system. A user or subject is granted a security clearance after a formal background check or investigation. The security clearance is transformed to a label in a trusted computing system so that labels of subjects and objects can be matched for authorization.

Reference

• Clearance
• System high mode

---

以下哪個是強制訪問控制(MAC)中使用的最關鍵的元素？ (Wentz QOTD)
A. 訪問控制矩陣
B. 能力表
C. 訪問控制列表
D. 安全許可