[Cisspstudy] Databases and cryptography

Andrea Gatta andrea.gatta at gmail.com
Sat Sep 19 19:41:36 EDT 2009 

So I guess I should actually watch out for these sort of questions in the
real exam...

Andrea

On Sun, Sep 20, 2009 at 12:28 AM, Mike Archuleta <mlarchuleta at gmail.com>wrote:

> I remember this question.  It is the most correct answer based on wording.
>  After realizing that answer included placed with autorized users.
>
> I think I argued with myself for five minutes.  Who places a database near
> authorized users? I put a database in the data center with aal my servers
> and backup systems.
>
> Sent from my iPhone
>
> On Sep 19, 2009, at 5:19 PM, Andrea Gatta <andrea.gatta at gmail.com> wrote:
>
> Well, same here.
>
> Unfortunately the question is from the official ISC2 guide, page 747  ;-)
>
> Point is, any chance they got it wrong ?
>
> Andrea
>
> On Sun, Sep 20, 2009 at 12:15 AM, Mike Archuleta < <mlarchuleta at gmail.com>
> mlarchuleta at gmail.com> wrote:
>
>> I would think niether improve or reduce availability.  I don't think if
>> crypto as an availability feature.
>>
>> Sent from my iPhone
>>
>>
>> On Sep 19, 2009, at 5:06 PM, Andrea Gatta < <andrea.gatta at gmail.com>
>> andrea.gatta at gmail.com> wrote:
>>
>>  Hi there,
>>> I am wondering if anyone could shed a light on the following question
>>> (and answer):
>>>
>>> In terms of databases, cryptography can:
>>>
>>> - only restrict and reduce availability
>>>
>>> - improve availability by allowing data to be easily placed where
>>> authorized users can access it
>>>
>>> - improve availability by increasing the granularity of the access
>>> controls
>>>
>>> - neither reduce or improve availability
>>>
>>>
>>> As far as the author of the question is concerned the correct answer is:
>>> "improve availability by allowing data to be easily placed where authorized
>>> users can access it"
>>>
>>> The only reason I can think of for the answer to have a sense is that
>>> cryptography protects a resource from unauthorized users access through the
>>> mean of concealing its content.
>>>
>>> With a very long shot one could say that the resource would be
>>> "available" just to authorizaed users. Which means that this question uses
>>> "availability" in a very extensive - and I would add divious - way.
>>>
>>> As far as I am concerned encryption does provide confidentiality and
>>> integrity as natural security services.
>>>
>>> Thoughts ?
>>>
>>> Thanks
>>> Andrea
>>> _______________________________________________
>>> cisspstudy mailing list
>>>  <cisspstudy at cccure.org>cisspstudy at cccure.org
>>>  <http://cccure.org/mailman/listinfo/cisspstudy_cccure.org>
>>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>>
>>
>> _______________________________________________
>> cisspstudy mailing list
>>  <cisspstudy at cccure.org>cisspstudy at cccure.org
>>  <http://cccure.org/mailman/listinfo/cisspstudy_cccure.org>
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090920/48e1919b/attachment-0001.html>

More information about the cisspstudy mailing list