Cist 1601 Ch. 1 Hw (Principles of Information Security)

Submitted By susdawg
Chapter 1 - Review Questions

1. What is the difference between a threat agent and a threat?

A threat is a general term used to describe a category of items that put the safety of an asset at risk. A threat agent is a more specific term used to describe an exact piece of a threat. For example, all kitchen appliances pose a threat to those who use them, while a gas stove is a specific threat agent in this case.

2. What is the difference between vulnerability and exposure?

A vulnerability is a flaw in a system that leaves it open to damage. Exposure occurs when the vulnerability is known, or exposed, to an attacker. A car that is kept unlocked is an example of a vulnerability. Exposure occurs when a thief knows that the car is kept unlocked.

3. How is infrastructure protection (assuring the security of utility services) related to information security?

Information security includes the protection of information assets in storage, processing, or transmission. To assure the security of things such as schools, prisons, roads, and power plants, the confidentiality and integrity of information must be protected.

4. What type of security was dominant in the early years of computing?

Physical controls (badges, keys, etc.) were dominant during World War II, because one of the main threats at that time was physical theft of equipment.

5. What are the three components of the CIA triangle? What are they used for?

The three components of the CIA triangle are confidentiality, integrity, and availability of information. These components are used as the industry standard for computer security and they describe the utility of information.

Chapter 1 - Exercises

3. Consider the information stored on your personal computer. For each of the terms listed, find an example and document it: threat, threat agent…...
