Informational Securities Chapter One Questions

1. The paper is titled the “Rand Report R-609.” It was sponsored by the DOD and it was focused on initiating security for more than the physical. It addressed and attempted to define the levels of security and management of necessary for computer systems. It addressed a wide variety of topics such as: limiting data access, securing data, involvement of personnel, etc. The paper was an eye opener for every industry that involved computer systems in day to day operations, especially those that had a strong reliance on them.

2.

a. Threat- theft of personal data

b. Threat agent- hacker or worm

c. Vulnerability- unprotected or outdated firewall and malware system

d. Exposure- use of an unprotected website that can be viewed by hackers

e. Risk- risk level (possibility that _______ will occur)

f. Attack- act of a hacker taking advantage of a lack of security to steal or gain access to data

g. Exploit- using malicious programs to gain access to a users data and thus steal or distribute the data, media, files, etc

3. Kevin Mitnik is a famous hacker that was able to access the phone systems of companies as well as computer networks. He was arrested by the FBI on Feb 15, 1995 for computer hacking and wire fraud. He used cloned phones, false information, and phone codes, to access private systems of corporations such as Pacific Bells voice mail computers. He was put in solitary confinement for eight months due to, as stated by Mitnick, law enforcements fear of him using his knowledge to access military systems through phone lines. As of 2000, he works as a security consultant for fortune 500 companies helping to increase their cyber security to prevent the same attacks that Kevin himself used to perpetrate.