Essay about Chapter 1 Review Questions

854 Words Sep 6th, 2015 4 Pages
1. What is the difference between a threat agent and a threat?

A. A threat agent is the person who facilitates the attack while the threat is a constant danger to something.

2. What is the difference between vulnerability and exposure?

A. A vulnerability is a flaw or weakness within the system, usually where the attackers attack, while exposure is a single situation in which the system is prone to be harmed.

3. How is infrastructure protection (assuring the security of utility services) related to information security?

A. Both infrastructure protection and information security share the same overall goal, which is to ensure that data is available when, where and how it is needed.

4. What type of security was dominant in the
…
B. Data is the most critical component of an information system, and therefore the most directly affected by the study of computer security.
C. The component most commonly associated with the study of information systems is, in fact, all of them. In order to make data secure, it is an absolute necessity to study all six components, since they are all related parts of information security as a whole.

9. What system is the father of almost all modern multiuser systems?

A. The father of almost all modern multiuser systems is mainframe computer systems.

10. Which paper is the foundation of all subsequent studies of computer security?

A. The paper that is the foundation of all subsequent studies of computer security is “Rand Report R-609”.

11. Why is the top-down approach to information security superior to the bottom-up approach?

A. The top-down approach has strong upper-management support, dedicated funding, clear planning and the opportunity to influence the organization’s culture, while the bottom-up approach lacks a number of critical features.

12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?

A. A formal methodology doesn’t miss steps and maintains a rigorous process.

13. Which members of an organization are involved in the security system development life cycle? Who leads the process?

A. Security professionals are involved.
B. Data owners, Senior Management and security project team are the leaders in the
