Computer Security Chapter 2 Review


Submitted By theunborn
Words 1872
Pages 8
Nguyen Dinh

Computer Security

Assignment 2

1. Both general management and IT management are responsible for implementing information security to protect the ability of the organization to function.

Decision-makers in organizations have to set policy and operate their organization in a manner that complies with the complex, shifting political legislation on the use of technology. Management is responsible for informed policy choices and the enforcement of decisions that affect applications and the IT infrastructures that support them. Management can also implement an effective information security program to protect the integrity and value of the organization’s data.

2. Data is the most important asset in the organization because without it, an organization will lose its record of transactions and/or its ability to deliver value to its customers. Since any business, educational institution, or government agency that is functional within the modern social context of connected and responsive service depends on information systems to support these services, protecting both data in motion and data at rest is critical.

Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets.

3. Both general management and IT management are responsible for implementing information security that protects the organization’s ability to function. Although many business and government managers shy away from addressing information security because they perceive it to be a technically complex task, in fact, implementing information security has more to do with management than with technology. Just as managing payroll has more to do with management than with mathematical wage computations, managing information security has more to do with policy and its…...

Similar Documents

Computer Security

...ACADEMIC YEAR 2011/2012, SEMESTER TWO, TEST TWO. COURSE NAME: COMPUTER SECURITY COURSE CODE: CSC3207 Instructions: Answer all questions. Duration: 1hour. Date sat. 15th April 2012 Test is out of 40marks. 1. Is magnetic media safe for data storage? Elaborate on your answer. 6mks NO. - It is volatile. - A lot of vigilance is required (no exposure to heat, sun light etc) - Forensics (data recovery tools undermine some operations like delete) YES, if care and precautions are adhered to. (state those precautions here) 2. State two technical challenges of the FLASH architecture 5mks -The number of read/write cycles -The power MUST-BE-ON requirement - Erasure failures Read page 414 of “Hardware Based Security” 3. A good security practice is to continuously review and appropriately modify misuse case presentations of a system. What approaches would you consider to maintain an up-to-date misuse case presentation for a given system? 6mks Consider using a team for periodical review and analysis and different design and implementation sections of the system. - Periodically review the existing use-case based on the pre-existing knowledge base. - Brainstorm on the basis of existing system resources and identify representative risks. - Redefining the use-cases and mis-use cases incase of new threats Sources of...

Words: 376 - Pages: 2

Principles of Information Security Chapter 3 Review

...Chapter 3 Review 1. What is the difference between law and ethics? The difference between law and ethics is that law is a set of rules and regulations that are universal and should be accepted and followed by society and organizations. Ethics, on the other hand, was derived from the Latin word mores and Greek word Ethos, meaning the beliefs and customs that help shape the character of individuals and how people interact with one another. 2. What is civil law, and what does it accomplish? A wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organisational entities and people. 3. What are the primary examples of public law? Criminal, administrative and constitutional law. 4. Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change? The National Information Infrastructure Protection of 1996 amended the Computer Fraud and Abuse Act of 1986. It modified several sections of the CFA Act, and increased the penalties for selected crimes. 5. Which law was specifically created to deal with encryption policy in the United States? The Security and Freedom through Encryption Act of 1999. 6. What is privacy in an information security context? Privacy is not absolute freedom from observation, but rather it is a more precise “State of being free from unsanctioned intrusion”. 7. What is another name for the Kennedy-Kassebaum Act (1996), and why is it important to organisations...

Words: 1285 - Pages: 6

Chapter 2 Review Question

...Chapter 2 1. Why is information security a management problem? What can management do that technology cannot? Management is an information problem due to the fact that policymaking and training of securing systems from users fall into the responsibility of their role. These responsibilities can include limiting access as well as disabling certain functions that are not related to the organizations’ function. Management can set policies that may arise due to improper uses or manipulations of systems and assess the threats that are unknown due to the introduction of new hardware and software. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protection? The integrity of the data is most important because it relates to the overall company operations. Securing the data from people not authorized to see or change it ensures that the correct information about the company is being generated without interference or manipulations of data. Other important assets that require protection are the computer terminals and networking infrastructure, which need to be protected from misuse from internal and external threats whether intentional or not. 3. Which management groups are responsible for implementing information security to protect the organization’s ability to function? The responsibility relies on several management groups such as CIO, who is responsible for the overall protection of system, but the...

Words: 1762 - Pages: 8

Unit 2 Assignment 2: Computer Basics Review

...Tiffany Ostarly NT1210 Introduction to Networking Unit 2 Assignment 2: Computer Basics Review Chapter Review 1. A,C | 2. B | 3. C,D | 4. C,D | 5. D | 6. D | 7. B | 8. B | 9. A,C,D | 10. B,D | 11. D | 12. A,C | 13. C | 14. A | 15. A,D | 16. C,D | 17. D | 18. C | 19. A | 20. D | Key Terms Computer networking – the gerund form of the term computer network. Computer network – a combination of many components that work together so that many different devices can communicate. Application – a function on any kind of computer or electronic device that is useful to the user, which can give the user a reason to want to own and use the device. More specifically, software that performs some useful function for the user. Email – electronic mail. An application in which the user can type text and attach other files to create an electronic equivalent of a postal letter, and send the email to another person using his email address. Voice call – a more modern term for a telephone call that does not use the word telephone, instead emphasizing the fact that the traffic that flows between the end points is voice. Video frame – a grid of pixel locations of a chosen width by height that contains the lights/colors to be shown in a video at a single point in time. Web server – software that stores web pages and web objects, listens for requests for those pages, and sends the contents of those pages/objects to...

Words: 598 - Pages: 3

Principles of Information Security Chapter 2 Review Questions

...1. Management is responsible for implementing information security to protect the ability of the organization to function. They must set policy and operate the organization in a manner that complies with the laws that govern the use of technology. Technology alone cannot solve information security issues. Management must make policy choices and enforce those policies to protect the value of the organization’s data. 2. Data is important to an organization because without it an organization will lose its record of transactions and/or its ability to furnish valuable deliverables to its customers. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets. 3. Both general management and IT management are responsible for implementing information security. 4. The implementation of networking technology has created more risk for businesses that use information technology because business networks are now connected to the internet and other networks external to the organization. This has made it easier for people to gain unauthorized access to the organization’s networks. 5. Information extortion is when an attacker steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. One example could be someone that gains access to PII such as SSN’s through a company’s database and ransoms the information for money. If not paid, he...

Words: 1112 - Pages: 5

Computer Security

... copyright law. No part of this publication may be reproduced without prior permission in writing from Course Technology. Some of the product names and company names have been used for identification purposes only and may be trademarks or registered trademarks of their respective manufacturers and sellers.

Authorities said that once Jaschen realized the havoc the Sasser worm was causing, he tried to author a new version that reversed the damage. His real intent, they said, had simply been to gain fame as a programmer and perhaps to increase business for his mother, who owned a computer shop in his hometown. Although Jaschen’s sentence seemed like a crime to many in the IT industry, the real injustice occurred just a few months after Jaschen’s indictment, when Securepoint, a German IT security company, hired Jaschen as a programmer. It appeared that the teen responsible for 70 percent of all computer virus infections during the first six months of 2004 got exactly what he wanted all along.1, 2, 3, 4

LEARNING OBJECTIVES

As you read this chapter, consider the following questions:

1. What key trade-offs and ethical issues are associated with the safeguarding of data and information systems?
2. Why has there been a dramatic increase in the number of computer-related security incidents in recent years?
3. What are the most common types of computer security attacks?
4. What are some characteristics of common computer criminals, including their objectives,......

Words: 18526 - Pages: 75

Nt1210 Computer Basics Chapter Review

...Chapter Review Activities 1. C: Represents one binary digit 2. D: Kilobyte 3. C: 64 bits per quadruple word 4. A: Used for short-term memory C: Used to process data 5. A: The CPU tells the RAM which address holds the data that the CPU wants to read. 6. C: Character set 7. D: The binary equivalent of decimal 123456789 8. A: An actuator arm 9. B: Provides a convenient way to name a set of data for easier operations like copying and moving C: Name give users an easy way to reference the data D: Gives the CPU an easy way to identify the data it wants to read from RAM 10. C: By reading the files and auto generating directory structure for the files, for use on your classmate’s local computer 11. C: Changing the disk’s surface so that later the light will reflect differently for 0 or 1 12. B: Used for long-term memory D: Connects to the CPU over a bus using a cable 13. A: Actuator arm C: Platters 14. A: RAM D:USB flash drive 15. D: The binary equivalent of decimal 123456789 16. D: By closing an electrical circuit connected to the key when the key is pressed 17. B: Two dimensions: movement as two numbers: one in the direction of the X axis of an X,Y graph and the other on the y axis. 18. C: Input of commands that control the computer 19. A: 1280 is the number of items top to bottom in a grid on the screen. D: 1024 is the number of items top to bottom in a grid on the screen. 20. A...

Words: 647 - Pages: 3

Chapter 2 Review Questions Principles of Information Security

...1. Information security is more of a management issue because it is up to management to decide what end users should have access to and what they should not. Also, technology can only do what it is told to do, but if management sets up training to teach end users about the threats of, say, opening an unknown email, then the company is safer. 2. Without data an organization loses its record of transactions and/or its ability to deliver value to its customers. Page 42 Principles of Information Security 3. Both general and IT management 4. It has created more, and the reason why is it is much easier to spread viruses, worms, etc. now that they can get from system to system without having to attach to a physical disc. 5. Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Page 60 Principles of Information Security. An example would be if someone would steal the latest album from a well-known artist before its release date and demanded to be paid or it would be released onto the internet. 6. Employees are one of the biggest threats for several reasons: they can accidentally allow someone access to the system by installing a back door, or it is possible for them to become angry with the company and just hand out IP to rival companies. It is also possible that they could accidentally delete valuable data from the system that has no backup. 7. Make sure...

Words: 908 - Pages: 4

Nt1210 Chapter Review Unit 2

...Chapter review unit 2 – Nate Bell 1. Which of the following terms is the closest synonym to the term computer networking? c. Datacom 2. Ann uses her email address,, to send an email to Bob, whose email address is The message contains a few paragraphs of text. Which of the following will be important to the process of making sure that Bob receives this email? b. Bob’s incoming email server 3. According to this chapter, which of the following concepts happens in a modern-day, end-to- end voice call between two business telephones sitting in the same office building in the United States? (Choose two answers.) b. The call uses only digital electrical signals. d.The call represents short sounds as a unique set of bits. 4. According to this chapter, which of the following concepts happens in a modern-day, end-to-end voice call between two home telephones in the United States? (Choose two answers.) c. The call uses both analog and digital electrical signals. d. The call represents short sounds as a unique set of bits. 5. A student makes a video recording of a professor teaching a class. The student posts the video to a website. The answers list information that the student used or chose on the computer on which he was processing the video. Which of the following answers is the least likely to impact the size of the video file? a. A character set 6...

Words: 1002 - Pages: 5

Chapter 2 Review Question

...Gunther Documet 9/14/2015 Applications in Info Security Chapter 4 Review Questions: 1)It might depend on the risk, although all risks should be addressed. The conditions that an organization might have is if they don't have a risk management plan or if they don't have the money to identify and mitigate the risk 2) 3)Alignment is important because it can align organizational goals with ICT works. The benefits to an organization as a whole is that it can align security processes with business goals. 4)Evaluation is important because it can determine if your team is achieving the objectives and this is usually done through gathering data and then analyzing it. Organizations benefit by collecting quantitative data because it can be used to evaluate the options and implications of a decision. 5)A contract is an agreement between a customer and a supplier, while the RFP is technically a bid solicitation. 6)Typically a subcontractor role is to perform specific tasks given by a general contractor. They can be controlled by the supplier to follow the right procedures that are given in the contract. 7)The problem resolution is important because it involves two parties in agreeing that all problems are identified, analyzed, managed, and controlled to resolution. 8)There are two types of reviews: Formal Reviews Informal Reviews In a formal review, the ICT is presented to a team or to an individual before the actual review. In the other hand the informal......

Words: 334 - Pages: 2

Chapter 2 Review Questions

...Chapter 2 Review Questions 1. Why is information security a management problem? What can management do that technology cannot? Managing information security has more to do with policy and enforcement rather than technology. Management must address information security in terms of business impact and the cost. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protect? Data in an organization represents its transaction records and its ability to deliver to its customer. Without this the organization would not be able to carry out day to day work. 3. Which management groups are responsible for implementing information security to protect the organization’s ability to function? Both management and IT management are responsible for implementing security to protect an organizations ability to function. 4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why? Networking is usually considered to have created more risk for businesses that use information security. The reason is that potential attackers have reader access to the information system. 5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text Information extortion is the act of an attacker or trusted insider who steals information from a computer system and demand compensation for its return or for an...

Words: 1152 - Pages: 5

Computer Security

... cryptography requires. In your own words, explain each control.

Question #06: What is the main idea behind cryptography?
Question #07: What is the main problem with symmetric cryptography?
Question #08: What is the basic idea in asymmetric cryptography?
Question #09: What does key length have to do with security?
Question #10: What is a one-way hash function? Why is it used? SHA-1 is discussed by Bruce, but has been replaced by what current standard (you’ll have to search the Internet for this one)?

Optional

Correctly answer both questions is required to received 1 bonus point.

We discussed the Caesar cipher in class. The offset in a Caesar cipher can be referenced several ways. For example, Caesar Cipher with an offset of 13 (is sometimes called ROTate by 13 places or ROT-13).

1) Decrypt this ROT-4 cipher text to clear / plain text: Fi e psriv. Xlex kmziw csy xmqi xs asrhiv, xs wievgl jsv xli xvyxl. - Epfivx Imrwximr
2) Encrypt this plain text using to Rot-4 cipher text: All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident. ― Arthur Schopenhauer

ANSWER(s)

For all questions, cite the page number(s) where you found your answers.

Question #01: At the end of Chapter 4, we meet Roy Eskapa who handles Kevin’s psychological counseling (as part of his rehabilitation for hacking into the phone company). Kevin will years later get into more trouble and Roy writes a......

Words: 1379 - Pages: 6

Computer Security

... software applications and to what extent they can make changes to vital system files such as the Registry. By restricting access to certain areas of the computer system the Administrator will be able to ensure the smooth running of your PCs. While advances in information technology produce numerous advantages, these same advances are leading to increases in computer security vulnerabilities and incidents. The rapid growth of the Internet and readily available hacking tools has heightened the risk of hackers crashing computers, attacking networks and causing harm to systems. Security vulnerabilities in Microsoft Windows based systems can allow hackers to gain remote access to systems through connections to the internet. The importance of implementing proactive measures to guard against the unauthorized access of computer systems is increasing because intrusion attempts are constantly growing in numbers and complexity.

Summary

In summary, common sense, some simple rules and a few pieces of technology can help protect your computer and home network from unauthorized users. Remember to always use protection software (“anti-virus software”) and keep it updated, always use hard-to-guess passwords and protect your computer from intruders by using a personal firewall. By protecting your computer system you are also protecting other computer systems.

References

1. Thurrott, P. (2002). Windows XP Home Networking. Wiley Publishing, Inc.
2. Internet......

Words: 1909 - Pages: 8

Chapter 2 Review Questions

...Chapter 1 PLD Review questions Multiple choice 1. A program is a set of instructions that a computer follows to perform a task. 2. The physical devices that a computer is made of are referred to as Hardware. 3. The part of a computer that runs programs is called the CPU. 4. Today, CPUS are small chips known as Microprocessors. 5. The computer stores a program while the program is running, as well as the data that the program is working with, in Main memory. 6. This is a volatile type of memory that is used only for temporary storage while a program is running. A. RAM 7. A type of memory that can hold data for long periods of time—even when there is no power to the computer—is called Secondary storage. 8. A component that collects data from people or other devices and sends it to the computer is called an input device. 9. A video display is a(n)output device. 10. A byte is enough memory to store a letter of the alphabet or a small number. 11. A byte is made up of eight bits. 12. In a binary numbering system, all numeric values are written as sequences of 0s and 1s. 13. A bit that is turned off represents the following value: 0 14. A set of 128 numeric codes that represent the English letters, various punctuation marks, and other characters is ASCII. 15. An extensive encoding scheme that can represent the characters of many of the languages in the world is Unicode. 16. Negative...

Words: 727 - Pages: 3

Computer Security

...Discussion Questions - Unit 1 1. Consider the information stored on your personal computer. Do you, at this moment, have information stored in your computer that is critical to your personal life? If that information became compromised or lost, what effect would it have on you? (150 - 200 words) I do have personal information stored on my computer that is very critical to my personal life. My personal computer holds credit card numbers, bank account details, passwords, medical information, websites I have visited, personal family pictures, some private letters and all my business ideas. Basically my whole life is on my personal computer and if it fell into the wrong hands someone might use it to commit fraud against me. I will have to take action quickly to minimize the potential for the theft of my identity. I will have to close compromised credit card accounts immediately and put an initial fraud alert on my credit report. I will have to place new passwords on old and new accounts that I open. I think getting my personal information compromised would leave me very paranoid and I will be watching for signs that my information is being misused and I think at the end it will leave me feeling much violated. 2. What is a mission statement? What is a vision statement? What is a values statement? Why are they important? What do they contain? Provide an example of one of the three. (150 - 200 words) A mission statement is a clear definition of what an organization is...

Words: 651 - Pages: 3