
Chapter 1 Principles of Information Security

1. What is the difference between a threat agent and a threat? A threat is a category of objects, persons, or other entities that presents a danger to an asset, for example "software attacks" or "forces of nature". A threat agent is the specific instance of that category that actually attacks or damages the asset, for example a particular hacker running a particular exploit, or a particular storm that floods the data center.

2. What is the difference between vulnerability and exposure? A vulnerability is a weakness or fault in a system or its protection, such as an open and unneeded network port or an unpatched, unfamiliar piece of software. Exposure is the condition of a vulnerability being known to an attacker, so that the weakness can actually be used against the organization. A system can have a vulnerability without being exposed if nobody outside the organization knows it is there.

3. How is infrastructure protection (assuring the security of utility services) related to information security? Utility services such as power, water, and telecommunications are monitored and controlled by information systems. Protecting the infrastructure therefore depends on information security: the data and control commands in those systems must be accurate, available when needed, and protected from people who are not authorized to view or change them. If the information systems are compromised, the service itself can be disrupted.

4. What type of security was dominant in the early years of computing? In the early years security was mainly physical security: guarding the computing facility and the equipment itself against theft, sabotage, and disaster. From there the focus moved to computer security, which protected the system and its data. The C.I.A. triangle became the basis of modern information security and was later expanded into the CNSS security model (the McCumber Cube).

5. What are the three components of C.I.A. triangle? What are they used for? The three components of the C.I.A. triangle are confidentiality, integrity, and availability. They are used as a basic model for defining the protection that information needs.

6. If the C.I.A. triangle is incomplete, why is it so commonly used in security? It is a simple model centered on the three most important ideas: keeping information confidential, keeping it whole and correct, and keeping it available only to the people who need it. It is easy to understand and it can be expanded with additional characteristics as the environment changes, so it remains a useful starting point even though it no longer covers every concern by itself.

7. Describe the critical characteristics of information. How are they used in the study of computer security? The critical characteristics of information are availability, accuracy, authenticity, confidentiality, integrity, utility, and possession. Availability means the information can be reached and used, without interference, by the people authorized to use it. Accuracy means the information is correct and free of mistakes or errors. Authenticity means the information is genuine and original, not fabricated or misrepresented as coming from someone else. Confidentiality is the "for your eyes only" idea; it is breached when an unauthorized individual or entity gains access to the information. Integrity means the information is whole, complete, and uncorrupted; it is lost when the information is changed, deliberately or by accident, before it reaches the intended end user. Utility means the information has value for some purpose to the user. Possession means the information is under the ownership or control of the organization; possession can be lost (for example a stolen backup tape) without confidentiality being lost if the data is encrypted. In the study of computer security these characteristics are used to describe exactly what is being protected and which protections have failed when an incident occurs.

8. Identify the six components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study? The six components of an information system are software, hardware, data, people, procedures, and networks. All six are affected directly by the study of computer security, but software and hardware are probably the most directly affected because attacker techniques against them keep evolving. The components most commonly associated with the study are people, data, and procedures, because security in those three areas can be improved immediately through education and policy rather than waiting on upgrades and patches.

9. What system is the father of almost all modern multiuser systems? The father of modern multiuser systems is MULTICS (Multiplexed Information and Computing Service). It ran on the early time-sharing mainframes, and ARPANET (the Advanced Research Projects Agency network) was the network that connected such systems and later grew into the Internet.

10. Which paper is the foundation of all subsequent studies of computer security? The Rand Report R-609 is the foundation paper that led to the study of computer security.

11. Why is the top-down approach to information security superior to the bottom-up approach? In the top-down approach upper management is involved from the start: managers issue the policies, set the goals and expected outcomes, assign accountability, and provide the funding, so security decisions follow the needs of the business. The bottom-up approach relies on individual administrators improving their own systems; it has useful technical expertise but usually lacks management support, funding, and staying power.

12. Why is a methodology important in the implementation of information security? How does a methodology improve the process? A methodology is a formal, structured approach with detailed steps, so that no step is skipped and the system is secured as well as possible. It improves the process by breaking the work into small, defined pieces, each of which can be checked and adjusted until the desired result is achieved, which increases the probability of success.

13. Which members of an organization are involved in the security system development life cycle? Who leads the process? Upper management begins by issuing a directive that outlines the expected outcome, and then members of the IT department, the managers involved, employees, and contractors are put together as a team. The process is led by a project manager, typically the CIO or CISO, with a senior executive acting as champion to supply support and funding.

14. How can the practice of information security be described as both an art and a science? How does security as a social science influence its practice? As an art, securing a system has no hard and fast rules or universal manual; the practitioner applies judgment in choosing how to configure and combine controls. As a science, it relies on technology and on the tried and true methods and measured performance of previous work; computers are deterministic, so faults and failures have specific causes. As a social science, it studies how end users interact with information systems, because security controls only work if they account for the behavior of the people who use them.

15. Who is ultimately responsible for the security of information in the organization? All users of the system share responsibility for the security of information within an organization. What separates the users is the different responsibilities that apply to them. For example, an administrator is responsible for the integrity of the system and for keeping its patches up to date, whereas an end user is responsible for logging off and protecting their passwords.

16. What is the relationship between the MULTICS project and the early development of computer security? MULTICS was the first operating system to integrate security features within its core functions. Many of its developers went on to create Unix, which initially placed less emphasis on security.

17. How has computer security evolved into modern information security? Early computer security grew out of incidents such as the one in which two administrators were editing files at the same time: a software glitch swapped the password file with the message-of-the-day file, so every user saw the passwords. Problems like this led to security being implemented at various levels within a system. A larger change came when systems were networked together, forming ARPANET and later the Internet, which exposed many new vulnerabilities. This led to the Rand Report R-609, which led to better system security and to the broader view of information security used today.

18. What was important about the Rand Report R-609? It introduced the need for policies and management responsibilities in securing computer systems, especially interconnected ones, and expanded the scope of security beyond physical protection to include the safety of the data, limiting random and unauthorized access, and involving personnel from multiple levels of the organization.

19. Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these wishes are carried out? The data owners, usually senior managers responsible for a particular set of information, decide how and when data are used and controlled. The data custodians, such as the administrators working under the CIO, CISO, and security managers, are responsible for seeing that these wishes are carried out.

20. Who should lead a security team? Should the approach to security be more managerial or technical? The CISO should lead the security team. The approach to security needs to be both managerial and technical, because the security program must support the company's ability to operate while also choosing the technical controls that will actually work with the company's needs.