Chapter 1 Review Questions and E5
1. What is the difference between a threat agent and a threat?
Threat: a category of objects, persons, or other entities that presents a danger to an asset
Threat agent: the specific instance or component of a threat
2. What is the difference between vulnerability and exposure?
Vulnerability: a weakness or fault in a system or protection mechanism that opens it to attack or damage.
Exposure: a condition or state of being exposed. It exists when a vulnerability known to an attacker is present.
3. How is infrastructure protection (assuring the security of utility services) related to information security?
Information security is the protection of information and its critical elements,
including the systems and hardware that use, store, and transmit that information. Thus,
assuring the security of utility services protects critical elements of an information system.
4. What type of security was dominant in the early years of computing?
The dominant type of security in the early years of computing was entirely
physical security. MULTICS was the first noteworthy operating system to integrate
security into its core system.
5. What are the three components of the C.I.A. triangle? What are they used for?
1. Confidentiality: protects information from disclosure or exposure to unauthorized individuals or systems
2. Integrity: information is whole, complete and uncorrupted
3. Availability: allows authorized users to access information without interference or obstruction and to
receive it in the required format
C.I.A.: the industry standard for computer security since the development of the mainframe
6. If the C.I.A. triangle is incomplete, why is it so commonly used in security?
The C.I.A. triangle is still used because it addresses the major concerns with the vulnerability
of information systems. It contains three major characteristics, confidentiality, integrity and
availability, which are still important today.
7. Describe the critical characteristics of information. How are they used in the study of computer security?
Availability: authorized users can access the information
Accuracy: free from errors
Confidentiality: preventing disclosure to unauthorized individuals.
Integrity: whole and uncorrupted.
Utility: has a value for some purpose
8. Identify the six components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
9. What system is the father of almost all modern multiuser systems?
Mainframe computer systems
10. Which paper is the foundation of all subsequent studies of computer security?
Rand Report R-609
11. Why is the top-down approach to information security superior to the bottom-up approach?
Bottom-up lacks a number of critical features such as participant support and
organizational staying power, whereas top-down has strong upper management
support, dedicated funding, clear planning and the opportunity to influence the organization's culture.
12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A formal methodology ensures a rigorous process and avoids missing steps.
13. Which members of an organization are involved in the security system development life cycle? Who leads the process?
Security professionals are involved in the SDLC. Senior management, the security project team and data owners
lead the project.
14. How can the practice of information security be described as both an art and a science? How does security as a social science influence its practice?
Art because there are no hard and fast...