Kevin Kovack
Chapter 1 Review Questions
1. What is the difference between a threat agent and a threat?
A threat is a constant danger to an asset, whereas a threat agent is the facilitator of an attack.
2. What is the difference between vulnerability and exposure?
Vulnerability is a fault within the system, such as software package flaws, unlocked doors or an unprotected system port. It leaves things open to an attack or damage. Exposure is a single instance when a system is open to damage. Vulnerabilities can in turn be the cause of exposure.
3. How is infrastructure protection (assuring the security of utility services) related to information security?
You need to have infrastructure protection in order to have
It is also a science because the software is developed by computer scientists and engineers. Faults are a precise interaction of hardware and software that can be fixed given enough time.
15. Who is ultimately responsible for the security of information in the organization?
The Chief Information Security Officer (CISO)
16. What is the relationship between the MULTICS project and the early development of computer security?
It was the first operating system created with security as its primary goal. Shortly after the restructuring of MULTICS, several key engineers started working on UNIX, which did not require the same level of security.
17. How has computer security evolved into modern information security?
In the early days before ARPANET, machines were only physically secured. After ARPANET, it was realized that this was just one component.
18. What was important about Rand Report R-609?
R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security.
19. Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these wishes are carried out?
Data owners are responsible for how and when data will be used; data users are working with the data in their daily jobs.
20. Who should lead a security team? Should the approach to security be more managerial or technical?
A project
|What is the manager’s |Accuracy in acquiring the data is essential to management. It is the responsibility of the manager to take control and ensure all numbers and data collections add up. It is also the |
1.3 – All members of staff have different responsibilities and levels of authority when processing customer information, because dealing with data relating to recruitment, compensation and management is highly sensitive. Therefore, only employees with given clearance can access and update certain data to ensure they maintain a professional attitude; if there were no levels of authority, the information could be prone to being misused to commit fraud and other violations.
Threat: An action or event that might compromise security. A threat is a potential violation of security.
* Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure
Security and ethical employees will continue to be a vital aspect of ensuring the success of an organization. There will always be a need for ethical IT security professionals, as hackers will continue to force organizations to make adjustments in their business models to protect their employees, data and customers. Many organizations and managers believe application security requires simply installing a perimeter firewall, or taking a few configuration measures to prevent applications or operating systems from being attacked. This is a risky misconception. By understanding threats and respective impacts, organizations will be equipped to maintain confidentiality, availability and
To start off with, I chose to go with our banking or financial industry. The banking industry is constantly getting attacked by various methods on a daily basis. I chose this industry because I happen to know someone who works in the security sector at Wells Fargo Bank; he was a good person to get information from on what he sees on a daily or weekly basis. This paper is my own opinion, with information gathered from various resources.
According to Berson and Dubov (2011), there are four typical categories of drivers that explain the need for data management: Business Development, Sales and Marketing; Customer Service; Risk, Privacy, Compliance and Control; and Operational
A computer is secure if you can depend on it and its software to behave as you expect. In this assignment I will write about how Linux provides security to your information. The major technical areas of computer security are usually represented by CIA: confidentiality, integrity, and authentication or availability. It means that information cannot be accessed by unauthorized people.
Consider your case-study industry and the security discussions that are taking place there. Consider the security discussions that are taking place in this seminar. Delve into the models that have been explored and articulate what you and your colleagues think of these conceptual frameworks. Assess the overall value of models and frameworks to your industry's security environment. Reference sources and the interview will be essential to the success of this particular assignment.
1. What are some of the emerging IT security technologies that should be considered in solving the problem related to the case?
us of data and information. It is therefore the responsibility of organisations to have data and
Threat: a category of objects, persons, or other entities that presents a danger to an asset
A threat agent is a specific component that represents a danger to an organization’s assets. And a threat is an object, person or entity that represents a constant danger.