case study
Computer Security IV
Chapter 1 (40)
Question 1
a) Look up “the paper that started the study of computer security.” Prepare a summary of the key points. What in this paper specifically addresses security in areas previously unexamined?
b) Consider the information stored on your personal computer. For each of the terms listed, find an example and document it: threat, threat agent, vulnerability, exposure, risk, attack, and exploit.
Question 2
The next day at SLS found everyone in technical support busy restoring computer systems to their former state and installing new virus and worm control software. Amy found herself learning how to install desktop computer operating systems and applications as SLS made a heroic effort to recover from the attack of the previous day.
Questions:
a) Do you think this event was caused by an insider or outsider? Why do you think this?
b) Other than installing virus and worm control software, what can SLS do to prepare for the next incident?
c) Do you think this attack was the result of a virus or a worm? Why do you think this?
Chapter 2 (40)
Question 1
a) Consider the statement: an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker hacks into a network, copies a few files, defaces the Web page, and steals credit card numbers, how many different threat categories does this attack fall into?
a. Overall, I believe this attack falls into four major threat categories: deliberate acts of trespass, compromises to intellectual property, technical failures, and managerial failure. Furthermore, I believe this attack would be categorized as a deliberate act of theft/trespass which compromises intellectual property due to technical and managerial failures. b. It seems as this hacker was deliberately causing harm (i.e. copying files, vandalizing the web page, and theft of credit card numbers); due to their method of entry – hacking into a network – it leaves me to believe there were some
Chapter 1 (40)
Question 1
a) Look up “the paper that started the study of computer security.” Prepare a summary of the key points. What in this paper specifically addresses security in areas previously unexamined?
b) Consider the information stored on your personal computer. For each of the terms listed, find an example and document it: threat, threat agent, vulnerability, exposure, risk, attack, and exploit.
Question 2
The next day at SLS found everyone in technical support busy restoring computer systems to their former state and installing new virus and worm control software. Amy found herself learning how to install desktop computer operating systems and applications as SLS made a heroic effort to recover from the attack of the previous day.
Questions:
a) Do you think this event was caused by an insider or outsider? Why do you think this?
b) Other than installing virus and worm control software, what can SLS do to prepare for the next incident?
c) Do you think this attack was the result of a virus or a worm? Why do you think this?
Chapter 2 (40)
Question 1
a) Consider the statement: an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker hacks into a network, copies a few files, defaces the Web page, and steals credit card numbers, how many different threat categories does this attack fall into?
a. Overall, I believe this attack falls into four major threat categories: deliberate acts of trespass, compromises to intellectual property, technical failures, and managerial failure. Furthermore, I believe this attack would be categorized as a deliberate act of theft/trespass which compromises intellectual property due to technical and managerial failures. b. It seems as this hacker was deliberately causing harm (i.e. copying files, vandalizing the web page, and theft of credit card numbers); due to their method of entry – hacking into a network – it leaves me to believe there were some