Information Security Essay

1. What is the difference mingled with a menace agent and a threat? A threat agent is the facilitator of an attack however a threat is a regular danger to an asset. 2. What is the difference between pic and exposure? The differences be vulnerability is a fault within the system, such as softwargon pile flaws, unlocked doors or an unprotected system port. It leaves things hand to an attack or damage. Exposure is a single instance when a system is open to damage. Vulnerabilities stomach in turn be the ca procedure of exposure. 3. How is infrastructure resistance (assuring the warrantor system department measure measures of utility services) related to in lineation protective cover?Information security is the protection of reading and it is critical elements, including the systems and hardwargon that used, store, and transmit that entropy, Thus, assuring the security of utility services are critical elements in nurture system. 4. What case of security was dominant in t he early years of computing? The typeface of security was dominant in the early years of computing security was entirely physical security. And MULTICS was first noteworthy operating system to mingle security in to its core system. 5. What are the one-third components of the C.I.A. triangle? What are they used for? The three components of the C.I.A triangle areConfidentiality Informations should unless be accessible to its intended recipients. Integrity Information arrive the comparable as it was sent. Availability Information should be available to those authorized to use it. 6. If the C.I.A. triangle is incomplete, why is it so commonly used in security? The CIA triangle is still used because it addresses the major concerns with the vulnerability of information systems. It contains three major characteristic confidentiality, integrity and availability which are important pull down today. 7. Describe the critical characteristics of information. How are they used in the study of ready reckoner security?The critical characteristics of information areConfidentiality-preventing disclosure to unauthorized individualsAccuracy-free form errors Utility-has a value for some purpose Authenticity-genuine and Possession-ownership. 8. Identify the six components of an information system. Which are most directly affected by thestudy of information sueing system security? Which are most commonly associated with its study?The six components are Software, Hardware, Data, People, Procedures, and network. If there is a flaw or oversight in both of category it could haul to exposure and or vulnerabilities. The components most associated with the study of information security are hardware and packet when it views as intuition besides people when it view as social science. 9. What system is the father of or so alone modern multiuser systems?Mainframe calculating machine systems10. Which paper is the foundation of all subsequent studies of electronic computer secu rity?The foundation of all subsequent studies of computer security is the Rand business relationship R-609. 11. Why is the top-down approach to information security superior to the bottom-up approach?Top down has strong hurrying management support, dedicated funding, clear planning and the opportunity to influence faces culture, whereas piece of tail up lacks a number of critical features such as thespian support and organizational staying power. 12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?A formal methodology ensures a rigorous process and avoids absent steps. 13. Which members of an organization are involved in the security system using life cycle? Who leads the process?14. How can the commit of information security be described as both an art and a science? How does security as a social science influence its practice?Information security can be described in finesse because there are no hard a nd fast rules especially with users and policy. Also, it can be describe in Science because the software is developed by computer scientists and engineers. Faults are a precise interaction of hardware and software that can be fixed given enough time. 15. Who is ultimately responsible for the security of information in the organization?The Chief Information warranter Officer (CISO)16. What is the relationship between the MULTICS project and the early development of computer security?It was the first and operating system created with security as its indigenous goal. Shortly after the restructuring of MULTICS, several key engineers started operative on UNIX which did not require the same level of security. 17. How has computer security evolved into modern information security?In the early days before ARPANET machines were only physically secured. After ARPANET it was realized that this was just one component. 18. What was important about Rand Report R-609?RR609 was the first widely recognized published document to identify the single-valued function of management and policy issues in computer security. 19. Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these wishes are carried out? Control and use of data in the Data owners are responsible for how and when data will be used, Data users are working with the data in their daily jobs. 20. Who should lead a security team up? Should the approach to security be more managerial or technical foul?A project manager with information security technical skills lead the team. The approach to security should be managerial, top down.