搜索
Tutorial11.Whattypeofsecuritywasdominantintheearlyyearsofcomputing?Answer:Intheearlyyearsofcomputingwhensecuritywasaddressedatall,itdealtonlywiththephysicalsecurityofthecomputersthemselvesandnotthedataorconnectionsbetweenthecomputers.2.WhoisknownasthefounderoftheInternet?Towhatprojectdoesittraceitsorigin?Whoinitiatedthisprojectandforwhatpurpose?Answer:LarryRoberts,knownasthefounderoftheInternet.Theoriginoftoday'sInternet,tracestotheARPANETproject.DuringtheColdWar,manymoremainframeswerebroughtonlinetoaccomplishmorecom-plexandsophisticatedtasks.Itbecamenecessaryto_ndawaytoenablethesemainframestocommunicatewitheachbymeansofalesscumbersomeprocessthanmailingmagnetictapesbetweencomputercenters.Inresponsetothisneed,theDepartmentofDefensesAdvancedResearchProjectAgency(ARPA)beganexaminingthefeasibilityofaredundant,networkedcommunicationssystemtosupportthemilitarysexchangeofinformation.3.Whatlayersofsecurityshouldasuccessfulorganizationhaveinplacetoprotectitsoperations?Answer:(a)Security,toprotectphysicalitems,objects,orareasfromunauthorizedaccessandmis-use.(b)Personalsecurity,toprotecttheindividualorgroupofindividualswhoarePhysicalauthorizedtoaccesstheorganizationanditsoperations.(c)Operationssecurity,toprotectthedetailsofaparticularoperationorseriesofactivities.(d)Communicationssecurity,toprotectcommunicationsmedia,technology,andcontent.(e)Networksecurity,toprotectnetworkingcomponents,connections,andcontents.(f)Informationsecurity,toprotectinformationassets.4.WhatarethethreecomponentsoftheCIAtriangle?Whataretheyusedfor?Answer:ThethreecomponentsoftheC.I.A.are:(a)Con_dentiality(assurancethattheinformationissharedonlyamongauthorizedpersonsororganizations);(b)Integrity(assurancethattheinformationiscompleteanduncorrupted);(c)Availability(assurancethattheinformationsystemsandthenecessarydataareavailableforusewhentheyareneeded).Thesethreecomponentshavebeenconsideredastheindustrystandardforcomputersecurity.5.IftheC.I.A.Triangleisincomplete,whyisitsocommonlyusedinsecurity?Answer:TheCIAtriangleiscommonlyusedinsecuritybecauseitaddressesthefundamentalconcernsofinformationsecurity(i.e.con_dentiality,integrity,andavailability).Itisstillusedwhennotcompletebecauseitaddressesallofthemajorconcernswiththevulnerabilityofinformationsystems.6.Describethecriticalcharacteristicsofinformation.Howaretheyusedinthestudyofcom-putersecurity?Answer:Thecriticalcharacteristicsofinformationde_nethevalueofinformation.Changinganyoneofitscharacteristicschangesthevalueoftheinformationitself.Therearesevencharacteristicsofinformation:(a)Availabilityenablesauthorizedusers(i.e.personsorcomputersystems)toaccessinfor-mationwithoutinterferenceorobstruction,andtoreceiveitintherequiredformat.(b)Accuracyoccurswheninformationisfreefrommistakesorerrorsandithasthevaluethattheenduserexpects.(c)Authenticityofinformationisthequalityorstateofbeinggenuineororiginal,ratherthanareproductionorfabrication.Informationisauthenticwhenitisinthesamestateinwhichitwascreated,placed,stored,ortransferred.(d)Con_dentialityisachievedwhendisclosureorexposureofinformationtounauthorizedindividualsorsystemsisprevented.Con_dentialityensuresthatonlythosewiththerightsandprivilegestoaccessinformationareabletodoso.(e)Integrityofinformationismaintainedwhenitiswhole,complete,anduncorrupted.(f)Utilityofinformationisthequalityorstateofthatinformationhavingvalueforsomepurposeorend.Informationhasvaluewhenitservesaparticularpurpose.(g)Possessionofinformationisthequalityorstateofownershiporcontrolofsomeobjectoritem.Informationissaidtobeinonespossessionifoneobtainsit,independentofformatorothercharacteristics.7.Identifythesixcomponentsofaninformationsystem.Whicharemostdirectlyimpactedbythestudyofcomputersecurity?Whicharemostcommonlyassociatedwiththisstudy?Answer:Sixcomponentsofaninformationsystemare:software,hardware,data,people,procedures,andnetworks.Peoplewouldbeimpactedmostbythestudyofcomputersecurity.Peoplecanbetheweakestlinkinanorganization'sinformationsecurityprogram.Andunlesspolicy,educationandtraining,awareness,andtechnologyareproperlyemployedtopreventpeoplefromaccidentallyorintentionallydamagingorlosinginformation,theywillremaintheweakestlink.Socialengineeringcanbeusedtomanipulatetheactionsofpeopletoobtainaccessinformationaboutasystem.Procedures(i.e.writteninstructionsforaccomplishingaspeci_ctask)couldbeanothercomponent,whichwillbeimpacted.Theinformationsystemwillbee_ectivelysecuredbyteachingemployeestobothfollowandsafeguardtheprocedures.Followingprocedurereducesthelikelihoodofemployeeserroneouslycreatinginformationinsecurities.Propereducationabouttheprotectionofprocedurescanavoidunauthorizedaccessgainedusingsocialengi-neering.Hardwareandsoftwarearethecomponentsthatarehistoricallyassociatedwiththestudyofcomputersecurity.However,theIScomponentthatcreatedmuchoftheneedforincreasedcomputerandinformationsecurityisnetworking.Tutorial21.Howisthetopdownapproachtoinformationsecuritysuperiortothebottomupapproach?Answer:Thetop-downapproach,inwhichtheprojectisinitiatedbyupper-levelmanagerswhoissuepolicy,pr