Module 1: Activity 1. What is the difference between a threat agent and a threat? A threat is a persistent hazard to an asset, whereas a threat agent is an attack facilitator. Threat agents include people who intentionally cause harm, such as terrorists; groups that provide tools or information to others who would do so, such as hacktivists; and individuals who possess dangerous skills but who are not affiliated with any group, such as criminal hackers. 2. What is the difference between vulnerability and exposure? * A vulnerability is a weakness in a system that leaves it open to potential damage, interference, hacking, etc. For example, a hard drive of confidential information with no password protection on it could be considered a vulnerability as anyone could access the information on it. Exposure, on the other hand, refers to the state of a vulnerability being present and known to a potential attacker. 3. How is infrastructure protection (assuring the security of utility services) related to information security? * Infrastructure protection is assuring the security of utility services. Information security is the protection of information’s assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness and technology. 4. What type of security was dominant in the early years of computing? * In the early years of computing, computer security was dominant. Physical location and the actual computers themselves were the primary focus of this type of security, unlike today, where threats go beyond attacking the physical aspects of information processors. When the first computers were developed during WWII, there were many levels of protection put in place to ensure the security of classified information. Restricted access to the place that the computers were located was the main method, with those locations requiring different types of authorization to access. Computer hardware, magnetic tapes, files, and other equipment needed to be physically secured to be safe. As technology advanced, information security became priority over just computer security, as threats became less and less external. 5. What are the three(3) components of the C.I.A. triad? What are they used for? * The three components of the C.I.A triad are Availability, Confidentiality and Integrity. These are the most crucial components of information security. These are the guidelines of information security within an organization. Availability:- It is used for the availability of reliable access to the information by authorized person. Providing updated software and maintaining the hardware which is currently functioning in the organization. It safeguards the data loss from the interruption in connection. Confidentiality:- It means privacy of data. Confidentiality safeguard the important and crucial data from wrong people and make sure that right people can easily get access. Integrity: - It ensures that confidentiality of the data don't break. All the data should flow with accuracy and consistency over the period of time. It also detects any changes in data that might occur as a result of server crash. The Chief Information Security Officer (CISO) is responsible for the security of information in the organization.