Last Name: Aurelio First Name: Neri Marie M.I. B.

Course, Year & section: BSIT II-B

Module 1: Activity
1. What is the difference between a threat agent and a threat?
A threat is a persistent hazard to an asset, whereas a threat agent is an attack
facilitator. Threat agents include people who intentionally cause harm, such as
terrorists; groups that provide tools or information to others who would do so,
such as hacktivists; and individuals who possess dangerous skills but who are not
affiliated with any group, such as criminal hackers.
2. What is the difference between vulnerability and exposure? *
A vulnerability is a weakness in a system that leaves it open to potential damage,
interference, hacking, etc. For example, a hard drive of confidential information
with no password protection on it could be considered a vulnerability as anyone
could access the information on it. Exposure, on the other hand, refers to the state
of a vulnerability being present and known to a potential attacker.
3. How is infrastructure protection (assuring the security of utility services)
related to information security? *
Infrastructure protection is assuring the security of utility services. Information
security is the protection of information’s assets, whether in storage, processing,
or transmission, via the application of policy, education, training and awareness
and technology.
4. What type of security was dominant in the early years of computing? *
In the early years of computing, computer security was dominant. Physical
location and the actual computers themselves were the primary focus of this type
of security, unlike today, where threats go beyond attacking the physical aspects
of information processors. When the first computers were developed during
WWII, there were many levels of protection put in place to ensure the security of
classified information. Restricted access to the place that the computers were
located was the main method, with those locations requiring different types of
authorization to access. Computer hardware, magnetic tapes, files, and other
equipment needed to be physically secured to be safe. As technology advanced,
information security became priority over just computer security, as threats
became less and less external.
5. What are the three(3) components of the C.I.A. triad? What are they used
for? *
The three components of the C.I.A triad are Availability, Confidentiality and
Integrity. These are the most crucial components of information security. These
are the guidelines of information security within an organization.
Availability:- It is used for the availability of reliable access to the information by
authorized person. Providing updated software and maintaining the hardware
which is currently functioning in the organization. It safeguards the data loss from
the interruption in connection.
Confidentiality:- It means privacy of data. Confidentiality safeguard the important
and crucial data from wrong people and make sure that right people can easily
get access.
Integrity: - It ensures that confidentiality of the data don't break. All the data
should flow with accuracy and consistency over the period of time. It also detects
any changes in data that might occur as a result of server crash. The Chief
Information Security Officer (CISO) is responsible for the security of information in
the organization.