Cis 462 Midterm

CIS 462 – Midterm Exam

1. Define Confidentiality, Integrity, and Availability.

•

Confidentiality – Is the ideal that information or technological access is given to users in

the right amount. That is that users have enough privileges to do their job an no more.

There can be different, ascending levels of secrecy and typically upper levels gain access

to levels below them.

•

Integrity – The ideal to keep data sources untampered with and trustworthy. Systems

such as backups, shadow copies and they like help prevent accidental or willful deletions

and changes. The goal of integrity systems is to prevent unauthorized users access to

data, prevent authorized users from performing potential malicious actions and to

maintain data consistency.

•

Availability – The ideal that data and resources are available to users at all times. This

would include times of power loss, emergencies or natural disasters. System wear and

tear is a concern as obsolete equipment is replaced and data is maintained. In addition,

protection from hackers and their denial and damaging attacks.

2. Describe the major element of a policy.

A major element of a policy is the statement of purpose, or minimum requirements of a

policy. It identifies at the lowest level the goals of a particular policy. It also identifies

why the policy is be implemented and what problems it is trying to counteract

3. Describe the method to assess and manage risk.

Risk analysis is performed as a part of risk management. This can be performed either

quantitatively or qualitatively. In the former, statistics are produced quantifying loss

expectancy and the probability of an event occurring. Threats and controls are weighed

as well and a relationship between the two is finely tuned to avoid waste. In qualitative

analysis, threats and vulnerabilities are identified. Once these are known and

understood, proper controls can then be implemented to mitigate any potential future

problems....