Principles of Security 5th Edition Chapter 1 Review Questions

Submitted By mofles
Words 829
Pages 4
Review Questions

1. What is the difference between a threat agent and a threat?
A threat agent is a specific component that represents a danger to an organization’s assets. A threat is an object, person or entity that represents a constant danger.

2. What is the difference between vulnerability and exposure?
Vulnerability is a weakness in a system that leaves the system open to attacks. Exposure is the known vulnerabilities that make a system weak and open to attacks without protection.

3. How is infrastructure protection (assuring the security of utility services) related to information security?
If the infrastructure of a network is exposed and accessible to anyone, this leaves the network vulnerable to damage to both hardware and software. The infrastructure must be protected to allow only authorized users to have access to the network.

4. What type of security was dominant in the early years of computing?
Physical security.

5. What are the three components of the C.I.A. triangle? What are they used for?
Confidentiality, integrity and availability are the three components of the C.I.A. triangle. They are used as a standard for computer security.

6. If the C.I.A. triangle is incomplete, why is it so commonly used in security?
The C.I.A. triangle provides a basic standard of what is needed to keep information secured.

7. Describe the critical characteristics of information. How are they used in the study of computer security?
Availability ensures that only authorized users have access to information.
Accuracy makes sure that the data has no errors.
Authenticity ensures that the data is genuine.
Prevents unauthorized users from having access to information.
Integrity ensures that information is not damaged or changed by unauthorized users.
Utility ensures that all data with value/purpose gets identified and protected.…...
