QUIZ 1.
RODJEAN A. SIMBALLA BSIT -2D

Answer the following questions based on the reading you have done. Submit your
answer in the Google Classroom. Just make sure that nobody has the same answer here:

1. From the 12 basic principles of information security, how do these basic principles help you
determine/develop your skills and apply them to real-life situations?
Answer:
It will develop my skills in real-life situations. For example, if someone sends me a
malicious link on my FB account, or I visit a malicious site on the web, if you know the 12
basic principles of information security, you simply ignore the malicious link or website. Because
it is malicious and dangerous, the hacker will have the opportunity to hack you and gather your
personal information. Just ignore it and be aware.
2. Discuss the three main security goals mentioned.
Answer:


Confidentiality – ensures that computer-related assets are accessed only by
authorized parties. Confidentiality is sometimes called secrecy or privacy.
Integrity – it means that assets can be modified only by authorized parties or only in
authorized ways.
Availability – it means that assets are accessible to authorized parties at appropriate
times.
3. Design and apply the principle of defense in depth.
Answer:


4. How do human vulnerabilities in security systems help you design better solutions in order to
counter them?
Answer:

• Change your security focus – focus on and reduce these root exploitation
causes, and you significantly defeat hackers and malware.
• Better software patching – both hackers and malware look for unpatched software
as a way to break into an environment.
• Better and more social engineering training – another of the best defenses you can
implement isn’t software or a device; it’s training.
• Beef up your password management – add a third password management.

5. Explain the difference between functional requirements and assurance requirements.


Answer:

• Functional requirements – describe the behavior/execution of the software system.

• Assurance requirements – describe the performance or usability of the software.

6. How does knowing the fallacy of security through obscurity help you avoid using it as a measure of security?
Answer:
Security by obscurity is a weak security control; security should rely on specific
keys/secrets/credentials not being known:
- Split a smaller secret from the rest of the system
- Kerckhoffs's principle
7. Discuss the importance of risk-analysis and risk management tools and techniques for
balancing the needs of business.
Answer:

• Risk Analysis is a proven way of identifying and assessing factors that could
negatively affect the success of a business or project. It allows you to examine the
risks that you or your organization face, and helps you decide whether or not to move
forward with a decision.

• The purpose of Risk Management is not to eliminate all risks. It is to minimize the
potential negative consequences of risks. By working with risk managers, employees
can make smart risk decisions to improve the chance of reward.


8. Determine which side of the open disclosure debate you would take.
Answer:
Risk Management, definitely, because it is very important: it allows a business to control – and
oftentimes prevent – the financial, political, social and cultural ramifications associated with
risks. Not only does risk management allow a business to identify potential risks ahead of
time, it also allows a business to react accordingly and minimize or even prevent losses.
Without identifying risks using risk management, a business cannot successfully define
objectives.
