please help with questions in picture Review Questions 1. What is the difference
ID: 3911145 • Letter: P
Question
please help with questions in picture
Review Questions

1. What is the difference between a threat agent and a threat?
2. What is the difference between vulnerability and exposure?
3. How is infrastructure protection (assuring the security of utility services) related to information security?
4. What type of security was dominant in the early years of computing?
5. What are the three components of the C.I.A. triad? What are they used for?
6. If the C.I.A. triad is incomplete, why is it so commonly used in security?
7. Describe the critical characteristics of information. How are they used in the study of computer security?
8. Identify the six components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
9. What system is the predecessor of almost all modern multiuser systems?
10. Which paper is the foundation of all subsequent studies of computer security?
11. Why is the top-down approach to information security superior to the bottom-up approach?
12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?
13. Which members of an organization are involved in the security systems development life cycle? Who leads the process?
14. How can the practice of information security be described as both an art and a science? How does the view of security as a social science influence its practice?
15. Who is ultimately responsible for the security of information in the organization?
16. What is the relationship between the MULTICS project and the early development of computer security?

Explanation / Answer
1) The word “threat” usually stands for a category of things that pose a potential danger. Viruses, worms, and other types of malware, for example, are threats. A “threat agent,” by contrast, is a specific threat, or a specific type of virus, worm, or other malware. For example, the Blaster Worm is a threat agent.
2) A vulnerability, according to MITRE’s CVE Terminology, is a mistake in software that can be used by a hacker to gain access to a system. A vulnerability:
An exposure is defined by MITRE’s CVE Terminology as a system configuration issue or a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network. An exposure:
3) The availability of information assets is dependent on having information systems that are reliable and that remain highly available.
4) In the early years of computing when security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or connections between the computers. This led to circumstances where most information being stored on computers was vulnerable since information security was often left out of the design phase of most systems.
5) The three components of the C.I.A. triad are:
Confidentiality (assurance that the information is shared only among authorized persons or organizations);
Integrity (assurance that the information is complete and uncorrupted); and
Availability (assurance that the information systems and the necessary data are available for use when they are needed).
These three components are frequently used to conveniently articulate the objectives of a security program that must be used in harmony to assure an information system is secure and usable.
6) The CIA triangle is commonly used in security because it addresses the fundamental concerns of information: confidentiality, integrity, and availability. It is still used when not complete because it addresses all of the major concerns with the vulnerability of information systems.
7) The critical characteristics of information define the value of information. Changing any one of its characteristics changes the value of the information itself. There are seven characteristics of information:
- Availability enables authorized users - either persons or computer systems - to access information without interference or obstruction, and to receive it in the required format.
- Accuracy occurs when information is free from mistakes or errors and it has the value that the end user expects.
- Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is in the same state in which it was created, placed, stored, or transferred.
- Confidentiality is achieved when disclosure or exposure of information to unauthorized individuals or systems is prevented. Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
- Integrity of information is maintained when it is whole, complete, and uncorrupted.
- Utility of information is the quality or state of that information having value for some purpose or end. Information has value when it serves a particular purpose.
- Possession of information is the quality or state of ownership or control of some object or item. Information is said to be in one's possession if one obtains it, independent of format or other characteristics.
8) The six components are software, hardware, data, people, procedures, and networks.
People would be impacted most by the study of computer security. People can be the weakest link in an organization's information security program, and unless policy, education and training, awareness, and technology are properly employed to prevent people from accidentally or intentionally damaging or losing information, they will remain the weakest link. Social engineering can prey on the tendency to cut corners and the commonplace nature of human error. It can be used to manipulate the actions of people to obtain access to information about a system.
Procedures, written instructions for accomplishing a specific task, are another component that would be impacted. The information system will be effectively secured by teaching employees to both follow and safeguard the procedures. Following procedure reduces the likelihood of employees erroneously creating information insecurities. Proper education about the protection of procedures can avoid unauthorized access gained using social engineering. Hardware and software are the components that are historically associated with the study of computer security. However, the IS component that created much of the need for increased computer and information security is networking.
9) MULTICS
10) Rand Report R-609, sponsored by the Department of Defense.