1. What is the difference between a menace agent and a menace? A menace agent is the facilitator of an onslaught nevertheless ; a menace is a changeless danger to an plus. 2. What is the difference between exposure and exposure? The differences are: exposure is a mistake within the system. such as package bundle defects. unbarred doors or an unprotected system port. It leaves things unfastened to an onslaught or harm. Exposure is a individual case when a system is unfastened to damage. Vulnerabilities can in bend be the cause of exposure. 3. How is infrastructure protection ( guaranting the security of public-service corporation services ) related to information security?
Information security is the protection of information and it is critical elements. including the systems and hardware that used. shop. and transmit that information. Thus. guaranting the security of public-service corporation services are critical elements in information system. 4. What type of security was dominant in the early old ages of calculating? The type of security was dominant in the early old ages of calculating security was wholly physical security. And MULTICS was foremost notable runing system to incorporate security in to its nucleus system. 5. What are the three constituents of the C. I. A. trigon? What are they used for? The three constituents of the C. I. A trigon are:
Confidentiality: Information’s should merely be accessible to its intended receivers. Integrity: Information arrive the same as it was sent. Handiness: Information should be available to those authorized to utilize it. 6. If the C. I. A. trigon is uncomplete. why is it so normally used in security? The CIA trigon is still used because it addresses the major concerns with the exposure of information systems. It contains three major characteristic confidentiality. unity and handiness which are of import even today. 7. Describe the critical features of information. How are they used in the survey of computing machine security?
The critical features of information are:
Confidentiality-preventing revelation to unauthorised persons
Accuracy-free signifier mistakes ; Utility-has a value for some intent ; Authenticity-genuine and Possession-ownership. 8. Identify the six constituents of an information system. Which are most straight affected by the survey of computing machine security? Which are most normally associated with its survey?
The six constituents are: Software. Hardware. Data. People. Procedures. and web. If there is a defect or inadvertence in any of class it could take to exposure and or exposures. The constituents most associated with the survey of information security are: hardware and package when it views as scientific discipline besides people when it view as societal scientific discipline. 9. What system is the male parent of about all modern multiuser systems?
Mainframe computing machine systems
10. Which paper is the foundation of all subsequent surveies of computing machine security?
The foundation of all subsequent surveies of computing machine security is the Rand Report R-609. 11. Why is the top-down attack to information security higher-up to the bottom-up attack?
Top down has strong upper direction support. dedicated support. clear planning and the chance to act upon organisations civilization. whereas Bottom up lacks a figure of critical characteristics such as participant support and organisational remaining power. 12. Why is a methodological analysis of import in the execution of information security? How does a methodological analysis better the procedure?
A formal methodological analysis ensures a strict procedure and avoids losing stairss. 13. Which members of an organisation are involved in the security system development life rhythm? Who leads the procedure?
14. How can the pattern of information security be described as both an art and a scientific discipline? How does security as a societal scientific discipline influence its pattern?
Information security can be described in Art because there are no difficult and fast regulations particularly with users and policy. Besides. it can be describe in Science because the package is developed by computing machine scientists and applied scientists. Mistakes are a precise interaction of hardware and package that can be fixed given adequate clip. 15. Who is finally responsible for the security of information in the organisation?
The Chief Information Security Officer ( CISO )
16. What is the relationship between the MULTICS undertaking and the early development of computing machine security? It was the first and operating system created with security as its primary end. Shortly after the restructuring of MULTICS. several cardinal applied scientists started working on UNIX which did non necessitate the same degree of security. 17. How has computing machine security evolved into modern information security?
In the early yearss before ARPANET machines were merely physically secured. After ARPANET it was realized that this was merely one constituent. 18. What was of import about Rand Report R-609? RR609 was the first widely recognized published papers to place the function of direction and policy issues in computing machine security. 19. Who decides how and when informations in an organisation will be used or controlled? Who is responsible for seeing that these wants are carried out? Control and usage of informations in the Data proprietors are responsible for how and when informations will be used. Data users are working with the informations in their day-to-day occupations. 20. Who should take a security squad? Should the attack to security be more managerial or proficient?
A undertaking director with information security proficient accomplishments lead the squad. The attack to security should be managerial. exceed down.
