What principle focuses on the uniqueness of separate ob…

What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It
is sometimes referred to as “what each must bring” and joined together when getting access or decrypting a
file. Each of which does not reveal the other.

What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It
is sometimes referred to as “what each must bring” and joined together when getting access or decrypting a
file. Each of which does not reveal the other.

A.
Dual control

B.
Separation of duties

C.
Split knowledge

D.
Need to know

Explanation:
Split knowledge involves encryption keys being separated into two components, each of which does not reveal
the other. Split knowledge is the other complementary access control principle to dual control. In cryptographic
terms, one could say dual control and split knowledge are properly implemented if no one person has access to
or knowledge of the content of the complete cryptographic key being protected by the two processes. The
sound implementation of dual control and split knowledge in a cryptographic environment necessarily means
that the quickest way to break the key would be through the best attack known for the algorithm of that key. The
principles of dual control and split knowledge primarily apply to access to plaintext keys. Access to
cryptographic keys used for encrypting and decrypting data or access to keys that are encrypted under a
master key (which may or may not be maintained under dual control and split knowledge) do not require dual
control and split knowledge. Dual control and split knowledge can be summed up as the determination of any
part of a key being protected must require the collusion between two or more persons with each supplying
unique cryptographic materials that must be joined together to access the protected key. Any feasible method
to violate the axiom means that the principles of dual control and split knowledge are not being upheld. Split
knowledge is the unique “what each must bring” and joined together when implementing dual control. To
illustrate, a box containing petty cash is secured by one combination lock and one keyed lock. One employee is
given the combination to the combo lock and another employee has possession of the correct key to the keyed
lock. In order to get the cash out of the box both employees must be present at the cash box at the same time.
One cannot open the box without the other. This is the aspect of dual control. On the other hand, split
knowledge is exemplified here by the different objects (the combination to the combo lock and the correct
physical key), both of which are unique and necessary, that each brings to the meeting. Split knowledge
focuses on the uniqueness of separate objects that must be joined together Dual control has to do with forcing
the collusion of at least two or more persons to combine their split knowledge to gain access to an asset. Both
split knowledge and dual control complement each other and are necessary functions that implement the
segregation of duties in high integrity cryptographic environments. The following are incorrect answers: Dual
control is a procedure that uses two or more entities (usually persons) operating in concert to protect a system
resource, such that no single entity acting alone can access that resource. Dual control is implemented as a
security procedure that requires two or more persons to come together and collude to complete a process. In a
cryptographic system the two (or more) persons would each supply a unique key, that when taken together,
performs a cryptographic process. Split knowledge is the other complementary access control principle to dual
control Separation of duties – The practice of dividing the steps in a system function among different individuals,
so as to keep a single individual from subverting the process The need-to-know principle requires a user having
necessity for access to, knowledge of, or possession of specific information required to perform official CISSP
tasks or services.

Schneiter, Andrew (2013-04-15).Official (ISC)2 Guide to the CISSP CBK, Third Edition : Cryptography (Kindle
Locations 1621-1635). . Kindle Edition.
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Cryptography (Kindle
Locations 1643-1650). Kindle Edition.
Shon Harris, CISSP All In One (AIO), 6th Edition , page 126



Leave a Reply 0

Your email address will not be published. Required fields are marked *