consider the threat of "theft/breach proprietary of confidential information held ih key data files on the system." One method by which such a breach might occur is the accidental/deliberate e-mailing of information to a user outside to the organization. A possible countermeasure to this is to require all external e-mail to be given a sensitivity tag (classification if you like) in its subject and for external e-mail to have the lowest sensitivity tag. Discuss how this measure could be implemented in a firewall and what components and architecture would be needed to do this.

consider the threat of "theft/breach proprietary of confidential information held ih key data files on the system." One method by which such a breach might occur is the accidental/deliberate e-mailing of information to a user outside to the organization. A possible countermeasure to this is to require all external e-mail to be given a sensitivity tag (classification if you like) in its subject and for external e-mail to have the lowest sensitivity tag. Discuss how this measure could be implemented in a firewall and what components and architecture would be needed to do this.

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter2: Compliance: Law And Ethics

Section: Chapter Questions

Problem 1EDM

See similar textbooks

Similar questions

Consider a piece of software that allows a surgeon in one area to help in the conduct of an operation in another through the internet. Who would agree to this? What type of damage do they want to inflict? In what ways may they harm you? Is it possible that such vulnerabilities might do harm even in the absence of an active threat actor?
Think about a scenario where a threat actor changes the extension of files to avoid it being considered for investigation. What steps will you take to ensure a proper investigation can be carried out? Also state your plan of action in the case where you found a formatted HD? How will data be stored on it? What is a slack space?
Provide an example of a scenario involving registration administration. As many distinct authentication methods as feasible should be recorded. Do you think passwords will become antiquated in the near future?
A case study of a recent occurrence involving a flaw in access control or authentication might be very instructive. Is there a difference in how the firm operates now as a result? Can you tell me whether there have been any losses at this company and what they were?
Consider a hypothetical scenario pertaining to the management of user authentication credentials. Identify various approaches to verifying one's identity. Is the use of passwords becoming outdated in the contemporary digital landscape?
Let us consider an application where we need to run a secure Information Management System.We are to receive very confidential information from our customers and keep them save in our system. These information are sent to us in the softcopy forms. We are to protect our customers’ confidentiality even from ourselves, we are not to see the information they bring to us, or else the confidentiality is compromised.Your job as computer security officer is to verify the authenticity of the important document received in order to save them under the appropriate users. Mind you; you have no access to the users’ usernames and passwords, you can store but cannot retrieve except the user himself.Secondly, you are to protect the passwords and usernames to make impossible for everyone (including the system administrators) except the users themselves to access even if the whole database is hacked or stolen.2. Which cryptographic mechanisms would you implement in order to protect the usernames and…
Let us consider an application where we need to run a secure Information Management System.We are to receive very confidential information from our customers and keep them save in our system. These information are sent to us in the softcopy forms. We are to protect our customers’ confidentiality even from ourselves, we are not to see the information they bring to us, or else the confidentiality is compromised.Your job as computer security officer is to verify the authenticity of the important document received in order to save them under the appropriate users. Mind you; you have no access to the users’ usernames and passwords, you can store but cannot retrieve except the user himself.Secondly, you are to protect the passwords and usernames to make impossible for everyone (including the system administrators) except the users themselves to access even if the whole database is hacked or stolen.1. Based on your knowledge in computer security, which cryptographic mechanisms would you…
Provide an example of a hypothetical situation requiring the management of logins. Develop a range of unique techniques for confirming identity. Could passphrases ultimately take the place of passwords?
Think about a piece of software that, via the use of the internet, enables a surgeon in one location to assist in the performance of an operation in another. Who exactly would sign up? What kind of harm do they anticipate causing? What specific ways may they hurt you? Are such vulnerabilities capable of causing damage even in the absence of a live threat?
Provide an example of a made-up situation in which user credentials have to be managed. Determine several forms of authentication. Do you understand the need for a password?
What exactly is a poison package attack, and what exactly does it imply? Please provide two instances of this kind of assault.
A recent incident involving a security weakness in authentication or access control may make for a fascinating topic for a case study if it was written up. Is there going to be a change in the way that the company functions as a consequence of this? I was wondering if you could tell me whether or whether this firm has ever gone bankrupt, and if so, how much money was lost.