Nt1330 Unit 3 Essay
2. What is the difference between vulnerability and exposure?
Vulnerability is a weakness or a fault within the system, such as software package flaws, unlocked doors, or an unprotected system port. Vulnerability leaves things open to an attack or damage. Exposure on the other hand, is a single instance when the system is open to damage. Vulnerabilities (weaknesses) can in turn be the cause of exposure (system open for attack).
4. What type of security was dominant in the early years of computing?
Security, in its earliest years, consisted of mainly physical security, the need to safeguard the equipment itself. During the next decade, when ARPANET grew in use, more advanced security was needed. This led to the creation of MULTICS, an operating system with security being its main concern. From MULTICS spawned the UNIX operating system which did not require the same in-depth levels of security. In the early 1970's the password function was implemented as one of the first security measures. As computers and networking became more wide spread, during the 1990's, some security measures were implemented though they were seen as a low priority. Because of the lack of security in the start, we now have …show more content…
many of the problems that exist today.
6.
If the C.I.A. triangle is incomplete, why is it so commonly used in security?
The C.I.A. triangle is the industry standard for computer security. It has existed since the development of the mainframe. Because it is the industry standard it is still used today because it's characteristics; confidentiality, integrity, and availability are still just as important in today's society. However, it no longer addresses the full breadth of security concerns faced today, so it instead serves as a foundation for a more advanced system, known as the expanded C.I.A. triangle.
8. Identify the five components of an information system. Which are most directly impacted by the study of computer security? Which are most commonly associated with its
study?
There are actually six components of an information system. They are: software, hardware, data, people, procedures, and networks. All six of these components are impacted by the study of computer security. A flaw or an oversight in any one of the areas could lead to vulnerabilities or exposure. The components most associated with the study of information security are, when viewed as a science, hardware and software and when viewed as a social science, people.
10. What paper is the foundation of all subsequent studies of computer security?
The Rand Report R-609, sponsored by the Department of Defense, is today referred to as "the paper that started the study of computer security". It was the first widely recognized published document to address the issues of information systems security and it is the foundation of all subsequent studies.
12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A methodology is a formal approach to problem solving and is based on structured procedures. This is important in the implementation of information security because it ensures that a strict process is being followed and helps to prevent missing any necessary steps in the process. This improves the process because it increases its chance for success by holding the individuals involved in the process accountable for accomplishing their individual project goals.
14. How does the practice of information security qualify as both an art and a science? How does security as a social science influence its practice?
Information security can be classified as an art because there are no hard lines to regulate the installation of various forms of security nor are there any universally accepted complete solutions, just as there are no universally accepted forms of art. It instead relies on the artists, or in this case, the technicians own insight. In addition, much like artists and their paint, technicians use just enough security to "paint the picture" without restricting is functioning. Information security can also be defined as a science because virtually all actions of a computer are the result of specific, scientific conditions. Additionally, almost all cases of vulnerability or flaws can be traced back to specific hardware or software components. Security as a social science influences its practice by considering the behavior of individuals as they interact with systems. Social science takes into account that often times, it is the user who is the weakest link when implementing security measures. By understanding users and their behaviors, security measures can be implemented to reduce the risks caused by users thereby making the overall design of the security system more effective.
Vulnerability is a weakness or a fault within the system, such as software package flaws, unlocked doors, or an unprotected system port. Vulnerability leaves things open to an attack or damage. Exposure on the other hand, is a single instance when the system is open to damage. Vulnerabilities (weaknesses) can in turn be the cause of exposure (system open for attack).
4. What type of security was dominant in the early years of computing?
Security, in its earliest years, consisted of mainly physical security, the need to safeguard the equipment itself. During the next decade, when ARPANET grew in use, more advanced security was needed. This led to the creation of MULTICS, an operating system with security being its main concern. From MULTICS spawned the UNIX operating system which did not require the same in-depth levels of security. In the early 1970's the password function was implemented as one of the first security measures. As computers and networking became more wide spread, during the 1990's, some security measures were implemented though they were seen as a low priority. Because of the lack of security in the start, we now have …show more content…
many of the problems that exist today.
6.
If the C.I.A. triangle is incomplete, why is it so commonly used in security?
The C.I.A. triangle is the industry standard for computer security. It has existed since the development of the mainframe. Because it is the industry standard it is still used today because it's characteristics; confidentiality, integrity, and availability are still just as important in today's society. However, it no longer addresses the full breadth of security concerns faced today, so it instead serves as a foundation for a more advanced system, known as the expanded C.I.A. triangle.
8. Identify the five components of an information system. Which are most directly impacted by the study of computer security? Which are most commonly associated with its
study?
There are actually six components of an information system. They are: software, hardware, data, people, procedures, and networks. All six of these components are impacted by the study of computer security. A flaw or an oversight in any one of the areas could lead to vulnerabilities or exposure. The components most associated with the study of information security are, when viewed as a science, hardware and software and when viewed as a social science, people.
10. What paper is the foundation of all subsequent studies of computer security?
The Rand Report R-609, sponsored by the Department of Defense, is today referred to as "the paper that started the study of computer security". It was the first widely recognized published document to address the issues of information systems security and it is the foundation of all subsequent studies.
12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?
A methodology is a formal approach to problem solving and is based on structured procedures. This is important in the implementation of information security because it ensures that a strict process is being followed and helps to prevent missing any necessary steps in the process. This improves the process because it increases its chance for success by holding the individuals involved in the process accountable for accomplishing their individual project goals.
14. How does the practice of information security qualify as both an art and a science? How does security as a social science influence its practice?
Information security can be classified as an art because there are no hard lines to regulate the installation of various forms of security nor are there any universally accepted complete solutions, just as there are no universally accepted forms of art. It instead relies on the artists, or in this case, the technicians own insight. In addition, much like artists and their paint, technicians use just enough security to "paint the picture" without restricting is functioning. Information security can also be defined as a science because virtually all actions of a computer are the result of specific, scientific conditions. Additionally, almost all cases of vulnerability or flaws can be traced back to specific hardware or software components. Security as a social science influences its practice by considering the behavior of individuals as they interact with systems. Social science takes into account that often times, it is the user who is the weakest link when implementing security measures. By understanding users and their behaviors, security measures can be implemented to reduce the risks caused by users thereby making the overall design of the security system more effective.