Cecs6005 Asig1

Review Questions

Chapter 1

1. What is the difference between a threat agent and a threat?

A Threat is a more encompassing danger to an asset and a threat agent is a more specific one.

2. What is the difference between vulnerability and exposure?

A Vulnerability is a fault or weakness in a system that leaves it exposed to attack and Exposure is an instance when the system is open to damage from a threat.

3. How was the definition of “Hack” evolved over the las 30 years?

In the early days of computing, enthusiasts were called hacks or hackers, because they could tear apart the instruction code or even the computer itself. The term hacker at one-time expressed respect for another’s ability. Now it is a synonymous with illegal activity.

4. What type of security was dominant in the early years of computing?

It was of the physical sort since when starting the security need was not important.

5. What are the three components of the C.I.A Triangle? What are they used for?

Confidentiality, Integrity, and Availability. They are the computer standard for mainframe development.

6. If the C.I.A. triangle is incomplete, why is it so commonly used in security?

The CIA triangle is still used because it addresses the major concerns with the vulnerability of information systems and it has just been added on not eliminated.

7. Describe the critical characteristics of information. How are they used in the study of computer security?

* Availability: Authorized users can access the information

* Accuracy: Free from mistakes or errors.

* Authenticity: Original, Not Fake, Genuine

* Confidentiality: Preventing disclosure or exposure to unauthorized individuals.

* Integrity: Whole, Complete and Uncorrupted.

* Utility: Has a value for some Purpose or End.

* Possession: Ownership or Control of some object or item.

8. Identify the five components of an information system. Which are the most directly impacted...