Principles of Information Security, 4th Edition Chapter 1 Solutions

Words: 4907

Pages: 20

Category: Science and Technology

Date Submitted: 02/12/2014 06:29 PM

Principles of Information Security, 4th Edition Chapter 1 Review Questions

1. What is the difference between a threat agent and a threat?

A threat agent is the facilitator of an attack, whereas a threat is a category of objects, persons, or other entities that represents a potential danger to an asset. Threats are always present. Some threats manifest themselves in accidental occurrences and others are purposeful. Fire is a threat; however, a fire that has begun in a building is an attack. If an arsonist set the fire, then the arsonist is the threat agent. If an accidental electrical short started the fire, the short is the threat agent.

2. What is the difference between vulnerability and exposure?

A vulnerability is a weakness or fault in a system or protection mechanism that opens it to attack or damage. Exposure is the condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present.

3. How is infrastructure protection (assuring the security of utility services) related to information security?

The availability of information assets depends on having information systems that are reliable and that remain highly available; those systems in turn depend on the utility services that infrastructure protection is meant to secure.

4. What type of security was dominant in the early years of computing?

In the early years of computing, when security was addressed at all, it dealt only with the physical security of the computers themselves and not with the data or the connections between the computers. This led to circumstances where most information stored on computers was vulnerable, since information security was often left out of the design phase of most systems.

5. What are the three components of the CIA triangle? What are they used for?

The three components of the C.I.A. triangle are:
- confidentiality (assurance that the information is shared only among authorized persons or organizations);
- integrity (assurance that the information is complete and uncorrupted); and
- availability (assurance that the information systems...