
Tuesday, January 22, 2019

Information Security Essay

1. What is the difference between a threat actor and a threat?
A threat agent is the facilitator of an attack, whereas a threat is a constant danger to an asset.

2. What is the difference between vulnerability and exposure?
A vulnerability is a fault within the system, such as software package flaws, unsecured doors or an unprotected system port. It leaves things open to attack or damage. Exposure is a single instance when a system is open to damage. Vulnerabilities can in turn be the cause of exposure.

3. How is infrastructure protection (assuring the security of utility services) related to information security?
Information security is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. Thus, assuring the security of utility services is a critical element in an information system.

4. What type of security was dominant in the early years of computing?
The type of security that was dominant in the early years of computing was entirely physical security. MULTICS was the first noteworthy operating system to integrate security into its core system.

5. What are the three components of the C.I.A. triangle? What are they used for?
The three components of the C.I.A. triangle are:
Confidentiality: information should only be accessible to its intended recipients.
Integrity: information should arrive the same as it was sent.
Availability: information should be available to those authorized to use it.

6. If the C.I.A. triangle is incomplete, why is it so commonly used in security?
The C.I.A. triangle is still used because it addresses the major concerns with the vulnerability of information systems. It contains three major characteristics (confidentiality, integrity and availability) which are important even today.

7. Define the critical characteristics of information. How are they used in the study of computer security?
The critical characteristics of information are:
Confidentiality: preventing disclosure to unauthorized individuals.
Accuracy: free from errors.
Utility: has a value for some purpose.
Authenticity: genuine.
Possession: ownership.

8. Identify the six components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
The six components are software, hardware, data, people, procedures, and networks. If there is a flaw or oversight in any of these, it could lead to exposure and/or vulnerabilities. The components most associated with the study of information security are hardware and software when it is viewed as a science, and people when it is viewed as a social science.

9. What system is the father of almost all modern multiuser systems?
Mainframe computer systems.

10. Which paper is the foundation of all subsequent studies of computer security?
The foundation of all subsequent studies of computer security is the Rand Report R-609.

11. Why is the top-down approach to information security superior to the bottom-up approach?
Top-down has strong upper management support, dedicated funding, clear planning and the opportunity to influence the organization's culture, whereas bottom-up lacks a number of critical features such as participant support and organizational staying power.

12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A formal methodology ensures a rigorous process and avoids missing steps.

13. Which members of an organization are involved in the security system development life cycle? Who leads the process?

14. How can the practice of information security be described as both an art and a science? How does security as a social science influence its practice?
Information security can be described as an art because there are no hard and fast rules, especially with users and policy. It can also be described as a science because the software is developed by computer scientists and engineers. Faults are a precise interaction of hardware and software that can be fixed given enough time.

15. Who is ultimately accountable for the security of information in the organization?
The Chief Information Security Officer (CISO).

16. What is the relationship between the MULTICS project and the early development of computer security?
It was the first operating system created with security as its primary goal. Shortly after the restructuring of MULTICS, several key engineers started working on UNIX, which did not require the same level of security.

17. How has computer security evolved into modern information security?
In the early days before ARPANET, machines were only physically secured. After ARPANET it was realized that this was just one component.

18. What was important about Rand Report R-609?
RR609 was the first widely recognized published document to identify the role of management and policy issues in computer security.

19. Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these wishes are carried out?
Control and use of data: data owners are responsible for how and when data will be used; data users work with the data in their daily jobs.

20. Who should lead a security team? Should the approach to security be more managerial or technical?
A project manager with information security technical skills should lead the team. The approach to security should be managerial, top-down.
