Chapter 1

Question 1

What happened in the 1960s?

Answer 1

Advanced Research Project Agency (ARPA) began to examine feasibility of redundant networked communications.

Larry Roberts developed ARPANET from its inception.

Question 2

What happened in 1970s and 80s?

Answer 2

ARPANET grew in popularity as did its potential misuse.

Problems with ARPANET security occurred.
* No safety procedures for dial-up connections.
* Nonexistent user identification and authorization system.
Late 1970s: microprocessor expanded computer capabilities and security threats.

Question 3

MULTICS

Answer 3

Multiplexed Information and Computing Service
An early OS that computer security concepts were first tested on. It had security built in - Ken Thompson & Dennis Richie came from this project

Question 4

The 1990s.?

Answer 4

Networks of computers became more common; so too did the need to interconnect networks.
Security was a low priority.

Question 5

2000 to present?

Answer 5

Millions of computer networks, many unsecured.

Growing threat of cyber attacks.

Question 6

Layers of security?

Answer 6

Physical
Personal
Operations
Communications
network
Information

Question 7

Define CIA triangle?

Answer 7

Confidentiality - privacy.
Integrity - consistency, accuracy of data.
Availability - maintaining all hardware.

Question 8

What is threat?

Answer 8

A collective of objects or persons that threaten an asset.

Question 9

What is a threat agent?

Answer 9

A specific instance of a threat - a single virus.

Question 10

Critical Characteristics of information.

Answer 10

Availability, accuracy, authenticity, confidentiality, integrity, possession.

Question 11

Components of an Information Security?

Answer 11

Software, hardware, data,

people, procedures, networks.

Question 12

Balancing IS and Acess

Answer 12

Must allow reasonable access, yet protect against threats.

Question 13

Bottom-Up approach vs Top-Down approach.

Answer 13

Bottom-Up approach- operational staff initiate the process then propagate their findings upward to management as proposed policy recommendations.

Top-Down approach - the management understands the seriousness and initiates the process, which is then systematically percolated down to operations staff.

Question 14

Phases of Development Life-Cycle

Answer 14

Phase 1: Investigation
Phase 2: Analysis
Phase 3: Logical Design
Phase 4: Physical Design
Phase 5: Implementation
Phase 6: Maintenance and change

Question 15

What is CIO?

Answer 15

Chief Information Officer,

advising senior executive on strategic planning.

Question 16

What is CISO?

Answer 16

Chief Information Security Officer, responsible for assessment, management, and implementation of IS in the organization. Reports to CIO

Question 17

Information Security Project Team?

Answer 17

Champion, Team Leader,
Security policy devs, Risk assessment specialists, security professionals,
system admins, end users.

Question 18

Data Responsibilities?

Answer 18

Data Owner: security and use of information.

Data Custodian: storage, maintenance, protection.

Data Users: to perform their daily jobs supporting the mission of the organization.

Question 19

Security as a Social Science

Answer 19

Examines the behavior of individuals interacting with systems.