Principles of Security 5th Edition Chapter 1 Review Questions

Review Questions

1. What is the difference between a threat agent and a threat?
A threat agent is a specific component that represents a danger to an organization’s assets, while a threat is an object, person, or entity that represents a constant danger.

2. What is the difference between vulnerability and exposure?
Vulnerability is a weakness in a system that leaves the system open to attacks. Exposure refers to the known vulnerabilities that make a system weak and open to attacks without protection.

3. How is infrastructure protection (assuring the security of utility services) related to information security?
If the infrastructure of a network is exposed and accessible to anyone, this leaves the network vulnerable to damage both
…
Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
Software, Hardware, Data, People, Procedures, Networks.
Data, software, networks, and procedures are the most directly affected by the study of information security. Data and software are the most associated with the study of security.

9. What system is the predecessor of almost all modern multiuser systems?
The mainframe computer system.

10. Which paper is the foundation of all subsequent studies of computer security?
The RAND Report R-609.

11. Why is the top-down approach to information security superior to the bottom-up approach?
The bottom-up approach lacks support from upper management. The top-down approach offers more upper management support with more funding plus clear planning.

12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A methodology is important because it avoids missing any steps to ensure security.

13. Which members of an organization are involved in the security system development life cycle? Who leads the process?
Security professionals are involved in the development life cycle. The data owner, with the help of senior management and the security team, leads the projects.

14. How can the practice of information security be described as both an art and a science? How does security