Principles of Information Security 4th Ed Chapter 1 Review Questions

Kevin Kovack

Chapter 1 Review Questions

1. What is the difference between a threat agent and a threat?
A threat is a constant danger to an asset, whereas a threat agent is the facilitator of an attack.

2. What is the difference between vulnerability and exposure?
Vulnerability is a fault within the system, such as software package flaws, unlocked doors or an unprotected system port. It leaves things open to an attack or damage. Exposure is a single instance when a system is open to damage. Vulnerabilities can in turn be the cause of exposure.

3. How is infrastructure protection (assuring the security of utility services) related to information security?
You need to have infrastructure protection in order to have
…
It is also a science because the software is developed by computer scientists and engineers. Faults are a precise interaction of hardware and software that can be fixed given enough time.

15. Who is ultimately responsible for the security of information in the organization?
The Chief Information Security Officer (CISO)

16. What is the relationship between the MULTICS project and the early development of computer security?
It was the first operating system created with security as its primary goal. Shortly after the restructuring of MULTICS, several key engineers started working on UNIX, which did not require the same level of security.

17. How has computer security evolved into modern information security?
In the early days before ARPANET, machines were only physically secured. After ARPANET, it was realized that this was just one component.

18. What was important about Rand Report R-609?
R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security.

19. Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these wishes are carried out?
Control and use of data in the Data owners are responsible for how and when data will be used; data users work with the data in their daily jobs.

20. Who should lead a security team? Should the approach to security be more managerial or technical?
A project