Information Security Review
A limited time offer! Get a custom sample essay written according to your requirements urgent 3h delivery guaranteedOrder Now
Answer each question completely. This information is from Chapter 1 in your textbook. Submit your completed file through the ASGN_C1 assignment in Blackboard. For information on how to submit assignments, refer to SUBMITTING ASSIGNMENTS IN BLACKBOARD located in Course Materials.
1. What is the difference between a threat agent and a threat?
A threat is a general term used to describe a category of items that present a risk in jeopardizing the safety of an asset. A threat agent is a more specific term used to describe an exact piece of a threat. For example, all kitchen appliances pose a threat to those who use them, while a gas stove is a specific threat agent in this case.
2. What is the difference between vulnerability and exposure?
Vulnerability is a flaw in a system that leaves it open to damage. Exposure occurs when the vulnerability is known, or exposed, to an attacker. A car that is kept unlocked is an example of vulnerability. Exposure occurs when a thief knows that the car is kept unlocked.
3.How is infrastructure protection (assuring the security of utility services) related to information security?
Information security includes the protection of information assets in storage, processing, or transmission. To assure the security of things such as schools, prisons, toads, and power plants, the confidentiality and integrity of information must be protected.
4.What type of security was dominant in the early years of computing?
Physical controls (badges, keys, etc.) were dominant during World War II, because one of the main threats at that time was physical theft of equipment.
5. What are the three components of the CIA triangle? What are they used for?
The three components of the CIA triangle are confidentiality, integrity, and availability of information. These components are used as the industry standard for computer security and they describe the utility of information.
6.If the C.I.A. triangle is incomplete, why is it so commonly used in security?
The C.I.A. triangle is commonly used because it has grown into “a collection of events, including accidental or intentional damage, destruction, theft, unintended or unauthorized modification, or other misuse from human or nonhuman threats”, to reflect a continuously changing environment.
7.Describe the critical characteristics of information. How are they used in the study of computer security?
Availability gives users access to information without interference and in the required format.
Accuracy means that the information meets the user’s expectations and has no errors.
Authenticity provides users with original information that is not a reproduction.
Confidentiality occurs when information is only available to authorized users.
Integrity means that the information is free from corruption or damage.
Utility is when information has value and can serve a purpose.
Possession means having ownership of an item.
The critical characteristics of information give value to the information.
8. Identify the six components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
The six components of an information system are software, hardware, data, people, procedures, and networks. The most directly affected by the study of computer security are hardware, people, procedures, and networks. The most commonly associated are software, hardware, and data. 9.What system is the father of almost all modern multiuser systems?
10. Which paper is the foundation of all subsequent studies of computer
Rand Report 609
11. Why is the top-down approach to information security superior to the bottom-up approach?
The top-down approach is initiated by upper management and is successful because it has strong upper-management support. The bottom-up approach lacks participant support and organizational staying power.
12.Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A methodology helps establish key milestones and goals. It ensures a rigorous process and increases the probability of success.
13.Which members of an organization are involved in the security system development life cycle? Who leads the process? The members involved in the security system development life cycle are the Chief Information Officer, Chief Information Security Officer, Champion, Team Leader, Security Policy Developer, Risk Assessment Specialist, Security Professional, System Administrators, and End Users. Senior management has the overall lead in the process, but delegations may be made to the Champion or Team Leader.
14.How can the practice of information security be described as both an art and a science? How does security as a social science influence its practice?
Information security can be described as an art because no hard rules apply and there are many solutions that are universally accepted. It can be described as a science because it deals with high performance technology and almost every malfunction is a result of the interaction between specific hardware and software. Security as a social science looks at the way people interact with the system. From these observations, security administrators can lower the level of risk caused by the end user.
15. Who is ultimately responsible for the security of information in the organization? The Chief Information Security Officer
16.What is the relationship between the MULTICS project and early development of computer security? MULTICS had planned security with multiple security levels and passwords.
17.How has computer security evolved into modern information security? Constantly changing environments create a need for revision and modernizing of information security.
18.What was important about Rand Report R-609?
Rand Report R-609 aimed to define multiple means of protection for multilevel computer systems.
19. Who decides how and when data in an organization will be used and or controlled? Who is responsible for seeing these wishes are carried out?
The Chief Information Officer, the Chief Information Security Officer, and the Information Security Project Team
20.Who should lead a security team? Should the approach to security be more managerial or technical?
The champion or team leader should lead the security team. The approach should be more managerial so that there is accountability.