Week 1 Seminar Exercises Questions

Review Questions
1. A globally interconnected commercial world has emerged from the technical advances that
created the Internet. Has its creation increased or decreased the need for organizations to
maintain secure operation of their systems? Why?

2. List and describe an organization’s three communities of interest that engage in efforts to solve
InfoSec problems. Give two or three examples of who might be in each community.

3. List and describe the specialized areas of security.

4. What is the definition of information security? What essential protections must be in place to
protect information systems from danger?

5. What is the C.I.A. triangle? Define each of its component parts.

6. Why is the C.I.A. triangle significant? Is it widely referenced?

7. Describe the CNSS security model. What are its three dimensions?

8. What is the definition of privacy as it relates to information security? How is this definition of
privacy different from the everyday definition? Why is this difference significant?

9. Define the InfoSec processes of identification, authentication, authorization, and accountability.

10. What is management and what is a manager? What roles do managers play as they execute
their responsibilities?

11. List and describe the extended characteristics of information security management.

12. Explain POLC management Theory.

13. What are the factors that control POLC?

Recommended Exercises Completed in the Lab

1. Using a Web browser and search engine, find the Web site of the Committee on National
Security Systems (CNSS), formerly the National Security Telecommunications and
Information Systems Security Committee (NSTISSC). Locate the documentation library and
browse the index. When was the site last updated? Which one or two documents would be
of most interest to you now?
0. Using the Web, identify the senior executive officer, the chief information officer,
and the chief information security officer for your university or your part time employer.
Note that some organizations may use different titles for these personnel, so look for the
closest approximate that can be found.