Cis 170 Chapter 1 Review Questions

1. What is the difference between a threat agent and a threat?

A threat is a constant danger to an asset and a threat agent is the facilitator of the attack.

2. What is the difference between vulnerability and exposure?

Vulnerability is a weakness in the system that allows information to be compromised such as a flaw in software that allows hackers to manipulate system resources. Exposure is when the information system is compromised and is open to potential danger.

3. How is infrastructure protection (assuring the security of utility services) related to information security?

Information security is the protection of information and its crucial elements, including the systems and hardware that are used, store, and transmit that information. That is why assuring the security of utility services are critical elements in information system.

4. What type of security was dominant in the early years of computing?

Physical security was dominant in the early years of computing.

5. What are the three components of the C.I.A. triangle? What are they used for?

Confidentiality, Integrity, and Availability. Confidentiality means that information should only be accessible to its intended recipients. Integrity means that information should be received the same as it was sent. And availability means that information should be available for those authorized to use it.

6. If the C.I.A. triangle is incomplete, why is it so commonly used in security?

The C.I.A. triangle is commonly used because it addresses the major concerns of the vulnerability of information systems.

7. Describe the critical characteristics of information. How are they used in the study of computer security?

Availability, authorized users can access the information. Accuracy, the information is free from errors. Authenticity, the information is genuine. Confidentiality, preventing disclosure to unauthorized individuals. Integrity, the information is whole and...