Cist 1601 Ch. 1 Hw (Principles of Information Security)


Submitted By susdawg
Chapter 1 - Review Questions

1. What is the difference between a threat agent and a threat?

A threat is a general term used to describe a category of items that present a risk to the safety of an asset. A threat agent is a more specific term used to describe a particular instance of a threat. For example, all kitchen appliances pose a threat to those who use them, while a gas stove is a specific threat agent in this case.

2. What is the difference between vulnerability and exposure?

Vulnerability is a flaw in a system that leaves it open to damage. Exposure occurs when the vulnerability is known, or exposed, to an attacker. A car that is kept unlocked is an example of vulnerability. Exposure occurs when a thief knows that the car is kept unlocked.

3. How is infrastructure protection (assuring the security of utility services) related to information security?

Information security includes the protection of information assets in storage, processing, or transmission. To assure the security of things such as schools, prisons, roads, and power plants, the confidentiality and integrity of information must be protected.

4. What type of security was dominant in the early years of computing?

Physical controls (badges, keys, etc.) were dominant during World War II, because one of the main threats at that time was physical theft of equipment.

5. What are the three components of the CIA triangle? What are they used for?

The three components of the CIA triangle are confidentiality, integrity, and availability of information. These components are used as the industry standard for computer security and they describe the utility of information.

Chapter 1 - Exercises

3. Consider the information stored on your personal computer. For each of the terms listed, find an example and document it: threat, threat agent,…...
