Information Security
Essay Preview: Information Security
Report this essay
What is the difference between a threat agent and a threat?
Threat: A category of objects, persons, or other entities that presents a danger to an asset. Threats are always present and can be purposeful or in directed. (p.10)
Threat Agent: The specific instance or component of a threat. (p.10)
What is the difference between vulnerability and exposure?
Vulnerability: a weakness or fault in a system or protection mechanism that opens it to attack or damage. (p.10)
Exposure: A condition or state of being exposed. In information security, exposure exists when vulnerability known to an attacker is present. (p.10)
How is infrastructure protection (assuring the security of utility services) related to information security?
Information security, as defined by National Security Systems (CNSS), is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. Thus, assuring the security of utility services are critical elements in information system. (p.8)
What type of security was dominant in the early years of computing?
MULTICS – first noteworthy operating system to integrate security into its core functions. Its mainframe, time-sharing operating system developed in the mid 196-s by consortium of General Electric (GE), Bell Labs, and Massachusetts Institute of Technology (MIT). (p.7)
What are the three components of the CIA triangle? What are they used for?
C.I.A. triangle three components are confidentiality, integrity, and availability. The C.I.A. triangle was the set industry standard for computer security since the development of the mainframe. (p.8)
If the C.I.A. triangle is incomplete, why is it so commonly used in security?
Although the C.I.A. triangle model no longer adequately addresses the constantly changing environment needs of information security, its three characteristics of information (confidentiality, integrity, availability) is still important today as it was before. In addition, the C.I.A. triangle terminology is still commonly used for the breadth of material that is based on it. (.8-9)
Describe the critical characteristics of information. How are they used in the study of computer security?
Critical characteristics of information (expanded by the C.I.A. triangle) as defined (p.12-15)
Availability: enables authorized users, persons, or computer systems to access information without interference or obstruction and to receive it in the required format.
Accuracy: