1. Distinguish between vulnerability, threat, and control.
A vulnerability is any weakness in a system that can be exploited and cause data loss or harm. A threat is any potential harm or attack that can exploit a vulnerability. A control is any measure that can be put in place to prevent or remove an attack or threat from exploiting a vulnerability. 2. Give an example of each type of asset in a computer system. There are three types: hardware, software, and data Examples: Hardware: disk drives Software: Operating Systems Data: photos 3. State three threats that exists in relation to a computer system. Three types of threats are interception, interruption, and modification. 4. Differentiate between interception and modification. Interception is when an attacker can view the information or packets being communicated between a party but not to change its contents, whereas in modification the attacker not only view the data that is being transmitted but can change its state or modify its contents. 5. State what is meant by the CIA triad and briefly describe each of these aspects as they relate to a computer system. The CIA triad stands for Confidentiality, Integrity, and Availability.
Confidentiality means the only authorized persons should have
access to this information. Integrity is ensuring that the contents of the information can only be changed by those who are authorized to. Availability means the information upon request is available to authorized persons when requested. 6. It has been stated that weak encryption can actually be worse than no encryption at all. Explain why this statement may be true. This statement is false. Encryption is the process of making readable text undecipherable to unauthorized persons. Thus, a text can be plain- readable to anyone that views it texts such as “Hello” and encrypted known as cipher text which is only readable to whom it is intended to. Thus, if a text is transmitted in its plain form, it is susceptible to attacks because it has no encryption. Having encryption even if it is not as strong is better because it ups the difficulty of deciphering the information, hence weak encryption is in fact better than none. 7. List two types of controls that are available and give an example of each type. Two types are hardware and software controls which can be a physical firewall and an antivirus such Norton Security. 8. As it relates to computer security, define the term Authentication. List the three general methods of authentication. Authentication is the process of proving that a user is whom they claim to be, by presenting something they (user) know, have, and something they are. 9. You are tasked with creating a policy for passwords to be used on the company’s network. Describe three points that you will focus on to minimize possible vulnerabilities. Three points are one the who as in which persons can access the information or is authorized to, what objects (devices) that can be used to access the network, and how being the method that the user will use to access the network for example the using the method of authentication. 10.What are two goals of access policies? Two access policies are one is to check every access made and enforce least privilege so that not everyone will have the same level of access. 11.Describe the key difference between symmetric and Asymmetric cryptography. Symmetric cryptograph is where one key is used to encrypt the message being sent to the other user, which is the public key, but anyone can use their public key to decipher the message. Whereas asymmetric key uses two keys to encrypt the message the public and private key which can only be used to decipher the message, thus unless you have the private key that is intended for the specific party you cannot decipher the message. 12.How is cryptanalysis different from brute-force attack? Cryptoanalysis is the process of deciphering coded or hidden messages without the need to know the password of the victim to gain access to their information while brute force attacks rely on an array or numerous simultaneously entered guessed passwords, phrases, or dictionary words with the hope that one of them with grant access to the victim’s information. 13.Do digital signatures provide confidentiality? Explain. Yes, digital signatures do provide confidentiality because they contain that only the user can make which is a method of authentication that confidentiality requires. 14.What is a Trojan horse attack? A trojan attack that has undocumented, or never before recorded functions that makes it unexpected or untraced attack that has other additional unknown functions to perform.