Principles of Information Security, 4th Edition

10 June 2016

Robert Cyze

Chapter 1 – Review questions

2 - Vulnerability is a weakness or fault in a system that leaves the system open to an attack or damage.

Exposure is when a system has been opened to allow for intrusion or damage.

Vulnerability can lead to an exposure.

4 - Early security was built around the physical control of the hardware and space it occupied.

6 - The C.I.A. triangle is so commonly used in security because it addresses the major concerns with the vulnerability of information systems. The three components of the triangle (confidentiality, integrity and availability) give value to organizations and are as important today as it has always been.

8 - The six components of an information system are:

Software, hardware, date, people, procedures and networks

All of the components are directly affected by the study of computer security, however the components that are commonly associated with the study are hardware, software and networks.

10 - Rand Report R-609is the paper that is the foundation of all subsequent studies of computer security.

13 - Many members of an organization are involved in the SecSDLC from Senior Management to members of the project team which include people experienced in one or more aspects of the required technical and nontechnical areas of the project.

Senior Management is the key component and the vital force for a successful implementation of an information security program.

16 - MULTICS was the first operating system to integrate security into its core function

19 - Data owners (senior management) decide how and when data will be used or controlled. Data custodians are responsible for seeing that those decisions are carried out.