Information Security Review Questions CH1
Chapter 1 - Review Questions
Answer each question completely. This information is from Chapter 1 in your textbook.
Submit your completed file through the ASGN_C1 assignment in Blackboard. For information on how to submit assignments, refer to SUBMITTING ASSIGNMENTS IN BLACKBOARD located in Course Materials.
1. What is the difference between a threat agent and a threat? A threat is a general term used to describe a category of items that present a risk in jeopardizing the safety of an asset. A threat agent is a more specific term used to describe an exact piece of a threat. For example, all kitchen appliances pose a threat to those who use them, while a gas stove is a specific threat agent in this case.
2. What is the difference between vulnerability and exposure? Vulnerability is a flaw in a system that leaves it open to damage. Exposure occurs when the vulnerability is known, or exposed, to an attacker. A car that is kept unlocked is an example of vulnerability. Exposure occurs when a thief knows that the car is kept unlocked.
3. How is infrastructure protection (assuring the security of utility services) related to information security? Information security includes the protection of information assets in storage, processing, or transmission. To assure the security of things such as schools, prisons, toads, and power plants, the confidentiality and integrity of information must be protected.
4. What type of security was dominant in the early years of computing? Physical controls (badges, keys, etc.) were dominant during World War II, because one of the main threats at that time was physical theft of equipment.
5. What are the three components of the CIA triangle? What are they used for? The three components of the CIA triangle are confidentiality, integrity, and availability of information. These components are used as the industry standard for computer security and they describe the utility of information.
6. If the C.I.A. triangle is
Answer each question completely. This information is from Chapter 1 in your textbook.
Submit your completed file through the ASGN_C1 assignment in Blackboard. For information on how to submit assignments, refer to SUBMITTING ASSIGNMENTS IN BLACKBOARD located in Course Materials.
1. What is the difference between a threat agent and a threat? A threat is a general term used to describe a category of items that present a risk in jeopardizing the safety of an asset. A threat agent is a more specific term used to describe an exact piece of a threat. For example, all kitchen appliances pose a threat to those who use them, while a gas stove is a specific threat agent in this case.
2. What is the difference between vulnerability and exposure? Vulnerability is a flaw in a system that leaves it open to damage. Exposure occurs when the vulnerability is known, or exposed, to an attacker. A car that is kept unlocked is an example of vulnerability. Exposure occurs when a thief knows that the car is kept unlocked.
3. How is infrastructure protection (assuring the security of utility services) related to information security? Information security includes the protection of information assets in storage, processing, or transmission. To assure the security of things such as schools, prisons, toads, and power plants, the confidentiality and integrity of information must be protected.
4. What type of security was dominant in the early years of computing? Physical controls (badges, keys, etc.) were dominant during World War II, because one of the main threats at that time was physical theft of equipment.
5. What are the three components of the CIA triangle? What are they used for? The three components of the CIA triangle are confidentiality, integrity, and availability of information. These components are used as the industry standard for computer security and they describe the utility of information.
6. If the C.I.A. triangle is