Information Security Chap 1-2


Submitted By cjfavor4406
Principles of Information Security textbook problems, Chapter 1 & 2 …
Study this set online at: http://www.cram.com/cards/1362058

What is the difference between a threat and a threat agent?

A threat is a category of objects, persons or other entities that presents a constant, potential danger to an asset; a threat agent is the specific instance or component of a threat that actually carries out (facilitates) an attack. Fire is a threat; the arsonist who sets a fire, or the electrical short that starts one, is the threat agent.

What is the difference between vulnerability and exposure?

A vulnerability is a weakness or fault within a system or its protection mechanisms, such as a software package flaw, an unlocked door or an unprotected (open) system port; it leaves the asset open to attack or damage. Exposure is the condition of being exposed: it exists when a vulnerability that is known to an attacker is present, so a single exposure is one instance of the system being open to damage. Vulnerabilities are therefore the cause of exposures, but a vulnerability that no attacker knows about is not yet an exposure.

How has the definition of hack evolved over the last 30 years?

In the early days of computing, enthusiasts were called hacks or hackers because they could tear apart the instruction code, or even the computer itself, to manipulate its output. The term hacker at one time expressed respect for another person's ability. In recent years its association with illegal activity has negatively tinged the term.

What type of security was dominant in the early years of computing?

Early security was entirely physical security: when security was addressed at all, it meant protecting the computers themselves (lock and key on the machine room), not the data they held.

What are the three components of the CIA triangle and what are they used for?

Confidentiality: information should be accessible only to its intended recipients, i.e. to those authorized to see it. Integrity: information should be whole, complete and uncorrupted; it should arrive exactly as it was sent, with no unauthorized alteration in transit or in storage. Availability: information should be available, without interference or obstruction, to those authorized to use it when they need it. Together the three properties define what a security control is meant to protect and are used as the standard yardstick for evaluating the security of an information system.
