Chapter 1 Flashcards
Define “Information security”:
Knowing and making sure that information risks and controls are in balance.
What’s the “Enigma” machine?
- A German-made decryption machine that was used in WW2; it helped in the advancement of information security.
- First broken by the Poles.
What’s “Arpanet”, and who developed it?
- The first Internet.
- It was developed by Larry Roberts in the US.
What’s “RAND Report R-609”?
A report that highlighted the vulnerabilities in computer systems and the need for security measures.
What’s “MULTICS”?
First operating system created with security as its primary goal.
What’s “DEFCON”?
The first information security conference.
What does C.I.A. stand for?
Confidentiality, Integrity, and Availability.
What’s the difference between “subject of an attack” and “object of an attack”?
- “Subject of an attack” is the computer that is being used as an active tool to conduct an attack.
- “Object of an attack” is the computer or the entity that is being attacked.
Define the following concepts:
1 - Access.
2 - Asset.
3 - Attack.
4 - Exploit.
5 - Exposure.
1 - The ability to use, manipulate, or affect something.
2 - A resource that is being protected.
3 - An act that can damage or compromise information and the systems supporting it.
4 - A technique used to compromise a system.
5 - A condition or state of being exposed.
Define the following concepts:
1 - Loss.
2 - Risk.
3 - Threat.
4 - Threat Agent.
5 - Vulnerability.
1 - Damage to an asset.
2 - The probability of an unwanted occurrence.
3 - An entity that is a danger to an asset.
4 - A component of a threat.
5 - Weakness in a system that exposes information to damage.
Explain the 2 information security implementation approaches:
1 - Bottom-Up Approach
- Doesn’t work most of the time.
- Key advantage: technical expertise of individual administrators.
2 - Top-Down Approach
- Initiated by upper management: Issue policy, procedures, and processes…
- Most successful and involves (SDLC).
What’s the “Systems Development Life Cycle (SDLC)” and what are its steps?
It is a methodology for the implementation of an information system within an organization.
1- Investigation:
Objectives, constraints, and scope of project are specified.
2- Analysis:
Determining what the new system will do and how it will interact with the existing systems.
3- Logical design:
Begin creating the solution for the problem.
4- Physical design:
The logical design is transformed into a physical system, and specific hardware and software components are selected and planned.
5- Implementation:
Installation of hardware and software onto production computers, and integration of the system into the work process.
6- Maintenance & change: Longest and most expensive phase.
Data Owner vs Data Custodian vs Data User:
Data Owner: responsible for the security and use of a particular set of information.
Data Custodian: responsible for storage, maintenance, and protection of information.
Data Users: end users who work with information to perform their daily jobs.