
BMIS Computer Security Assignment 1: Answer All Questions (handwritten)

The purpose of Assignment 1 is to test your understanding of general security concepts and
principles.
Due Date: 27/01/2018
Question 1.
We realize that the study of computer security comes with a rich terminology that must be
understood from the beginning in order to grasp the conceptual security frameworks. As a computer
security student, given the above statement, could you describe the
elements in the AAA framework? (3)

Question 2.
Briefly explain the following security models
a) Clark-Wilson (3)
b) Biba (3)
c) LaPadula (3)
d) Comprehensive Model (3)

Question 3
Backup is a critical part of disaster recovery.
Explain the following backup types and give appropriate controls applicable in each case.
i) Full backup (2)
ii) Incremental Backup (2)
iii) Differential Backup (2)

Question 4
When we consider some of the universal security principles, discuss the principles of
a) Least privilege (2)
b) Minimization (2)
c) Compartmentalization (2)

Question 5
i) Explain each stage of the security life cycle (prevent, detect, react, and deter) (4)
Question 6
In computer security, the application of defense in depth is very critical. Could you elaborate?
(Include a diagram.) (6)
Question 7
The words “vulnerability, threat, risk, control and exposure” are often interchanged in computer
security even though they have different meanings. It is important to understand each word’s
definition and the relationships between the concepts.
i)
a) Could you demonstrate that you understand each of the above quoted words? [5]
b) Risk has to be identified in computer security. Could you explain the steps required when
applying risk management (use Viega and McGraw)? (6)
ii) Explain the difference between fabrication and modification attacks. (2)
