Submitted by: Submitted by cliffbanta
Views: 82
Words: 269
Pages: 2
Category: Business and Industry
Date Submitted: 09/07/2014 05:28 AM
Exercise 1 and 3
Clifford Banta
ABTU Online
Date 8-24-2014
Instructor
Robert Rupocinski
Exercise 1
A paper titled the “Rand Report R - 609” was sponsored by the Department of Defense and initiated the movement toward security that went beyond protecting physical locations. It attempted to define multiple controls and mechanisms necessary for the protection of a multilevel computer system; identifying the role of management and policy issues in computer security. This report/paper significantly expanded the scope of computer security to include the following: securing the data, limiting random and unauthorized access to said data, and involving personnel from multiple levels of the organization in matters pertaining to information security.
Exercise 3
a. Threat:
i. Theft of Media
b. Threat Agent:
i. Hacker (Ex: Ima Hacker)
c. Vulnerability:
i. Unprotected system port
d. Exposure:
i. Using a website monitored by malicious hackers, reveals a vulnerability
– i.e. Unprotected system port
e. Risk:
i. Low level risk – The probability that theft of media will occur is low
f. Attack:
i. Hacker is made aware of system vulnerability (unprotected system port) by monitoring the website mediamadness.com. The hacker then navigates to and enters the exposed port; the hackers continues to steal media files from the user’s computer. This results in the user experiencing a loss.
g. Exploit:
i. Hacker uses software tools to gain access to the unprotected system port; gaining
access to the user’s computer.
References
Published for the Office of the Secretary of Defense
Edited by Willis H. Ware
R-609-1
Reissued October 1979
Rand
SANTA MONICA, CA. 90406
APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED