[Cisspstudy] Databases and cryptography

Mike Archuleta mlarchuleta at gmail.com
Sat Sep 19 19:28:14 EDT 2009 

I remember this question.  It is the most correct answer based on  
wording.  After realizing that answer included placed with autorized  
users.

I think I argued with myself for five minutes.  Who places a database  
near authorized users? I put a database in the data center with aal my  
servers and backup systems.

Sent from my iPhone

On Sep 19, 2009, at 5:19 PM, Andrea Gatta <andrea.gatta at gmail.com>  
wrote:

> Well, same here.
>
> Unfortunately the question is from the official ISC2 guide, page  
> 747  ;-)
>
> Point is, any chance they got it wrong ?
>
> Andrea
>
> On Sun, Sep 20, 2009 at 12:15 AM, Mike Archuleta <mlarchuleta at gmail.com 
> > wrote:
> I would think niether improve or reduce availability.  I don't think  
> if crypto as an availability feature.
>
> Sent from my iPhone
>
>
> On Sep 19, 2009, at 5:06 PM, Andrea Gatta <andrea.gatta at gmail.com>  
> wrote:
>
> Hi there,
> I am wondering if anyone could shed a light on the following  
> question (and answer):
>
> In terms of databases, cryptography can:
>
> - only restrict and reduce availability
>
> - improve availability by allowing data to be easily placed where  
> authorized users can access it
>
> - improve availability by increasing the granularity of the access  
> controls
>
> - neither reduce or improve availability
>
>
> As far as the author of the question is concerned the correct answer  
> is: "improve availability by allowing data to be easily placed where  
> authorized users can access it"
>
> The only reason I can think of for the answer to have a sense is  
> that cryptography protects a resource from unauthorized users access  
> through the mean of concealing its content.
>
> With a very long shot one could say that the resource would be  
> "available" just to authorizaed users. Which means that this  
> question uses "availability" in a very extensive - and I would add  
> divious - way.
>
> As far as I am concerned encryption does provide confidentiality and  
> integrity as natural security services.
>
> Thoughts ?
>
> Thanks
> Andrea
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090919/06646300/attachment.html>

More information about the cisspstudy mailing list