CISSP Study Guide: The M of N Control Policy | Cybrary (2024)

FAQs

What is the M of N control policy? ›

A protection measure that requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks.

M of N is about sharing the risk and agreeing to use a key

First thing's first — the N represents the number of parts, and the M represents the minimum number of those parts you need to make this process work. The numbers might be three out of four. Or five out of 50.

To apply these measures, controls can be administrative, technical, and physical. Administrative controls are the rules and procedures implemented by the organization. Security awareness training, password administration, background checks are preventive administrative controls.

The term m-of-n describes the precise conditions of a multisig setup, with m being the number of signatures required, and n being the number of authorized keys from which the signatures can come.

To understand access control policies you need to understand four main concepts: users, actions, resources, and relationships. Users are the people who use the system. Resources are objects in the system that need to be protected. Actions are the activities that users can perform on the resources.

At its core, key control refers to the policies, systems, and procedures that govern how keys are issued, tracked, and managed. Key control policies go hand in hand with access control systems because they both ensure only authorized employees or personnel have access to facilities or specific areas.

A master key is a symmetric key that is used to encrypt multiple subordinate keys. Its length will typically be 128 – 256 bits, depending on the algorithm used, and it will have a very long life, possibly even indefinite. It must therefore be well protected, e.g. by using a hardware security module (HSM).

Key escrow (also known as a "fair" cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circ*mstances, an authorized third party may gain access to those keys.

The three main types of security controls—management, operational, and physical—work together to form a strong security program.

Compensating controls provide contingent or alternative protection to existing controls. For example, PIN code is compensating for the Windows Hello facial recognition.

What are the operational controls for Cissp? ›

A type of security control that focuses on the day-to-day operations of an organization. It includes procedures, policies, and standards that are designed to prevent, detect, and respond to security incidents. Examples of operational controls include access controls, change management, and incident response plans.

The ratio of the sums of m and n terms of an A.P. is m2:n2.

Worked Example: molar mass = mass ÷ moles (M=m/n)

Network access control (NAC), also known as network admission control, is the process of restricting unauthorized users and devices from gaining access to a corporate or private network.

The Control Policy feature provided by the Resource Directory service enables you to manage the permission boundaries of the folders or members in a resource directory in a centralized manner. This feature is implemented based on the resource directory.

Rule-based Access Control allows or denies resource access based on a set of rules and limitations set by the system administrator. For example, Rule-Based Access Control can be used to restrict data access on holidays, or after working hours.