Chap 1 Review Questions 7 & 8


Mike J Nagle

Jul 17, 2010, 2:32:13 PM
to SEC-0130 Summer 2010
Here are the answers I was assigned. I'm sorry it took so long for me
to post them, but I have very limited access to the internet. I'll try
to do better next time.

Q7. Describe the critical characteristics of information. How are they
used in the study of computer security?

The critical characteristics of information are:

* Availability: the accessibility of information. In Computer
Security, access to data is usually restricted to particular users,
thus making it unavailable to unauthorized users.
* Accuracy: freedom from errors due to mistakes in data entry, as
opposed to errors that arise during the transmission or reproduction
of information (see Integrity). Obviously, in Computer Security
accuracy is essential. Inaccurate information is at best useless, and
at worst dangerous.
* Authenticity: the data is original, rather than a reproduction (or
forgery). In computer security, it is important to ensure that
information is authentic; that is, that the information is exactly the
same in content and state as the original produced by its creator.
* Confidentiality: the restriction of access to information to
authorized individuals alone. In Computer Security, it is essential
that sensitive information, especially personal information about
employees, clients, patients and customers not be revealed to any
unauthorized persons. Such a breach of confidentiality (and privacy)
could be damaging to the persons involved.
* Integrity: freedom from errors incurred in the transmission or
reproduction of information. As described under Accuracy, it is
obvious that the protection of the integrity of information is
essential.
* Utility: the usefulness of information. In Computer Security,
utility depends on the content of the information and the needs of the
users. For example, information on the ownership of parcels of land
might be useful to a real estate agent, but is not likely to be useful
to a dentist. Also, in computer security, the format of the
information can affect utility as much as the content. For example,
information in PDF format would be useless to a user who only has
Microsoft Word.
* Possession: Ownership and control of information. Possession of
information means only that one possesses it; whether one can use it
is a question of utility or confidentiality. For instance, if
information is stolen, but encrypted or stored in an unreadable
format, possession is breached by the thief, but not confidentiality.
Likewise, such information would have no utility for the thief.

***********

Q8. Identify the five components of an information system. Which are
most directly affected by the study of computer security? Which are
most commonly associated with its study?

Actually, there are six components of an information system listed in
the textbook. They are:

1. Software. Perhaps the most difficult part of the system to secure,
because most software used is written by third parties. Also, since
the software field is so competitive, many products are rushed to
market before they have been thoroughly tested and debugged. These
bugs and “security holes” quickly are discovered by members of the
hacking community and soon information is spread about “exploits” that
take advantage of those “holes,” which are then implemented by
unscrupulous individuals.
2. Hardware. This is specifically the computers themselves. While
there are very few ways to use hardware directly to defeat security,
the data stored on the hardware can be stolen by the simple expedient
of stealing the hardware itself. Laptop computers are especially
vulnerable to theft.
3. Data. This is the primary target of thieves. Proprietary and
confidential personal data is a particularly lucrative source of
income for criminals, especially in the fields of industrial espionage
and identity theft.
4. People. People are often overlooked as a part of an information
system. However, they are as much a part as hardware, software or
data. Without people, there would be no need for data or software, and
no use for hardware. However, being human, people make mistakes, or
deliberate acts, that can compromise the security of any system.
Proper education and monitoring of people is necessary to prevent
security breaches, whether they be accidental or deliberate.
5. Procedures. Procedures are also overlooked as potential security
risks. Deficient design of procedures, as well as outsiders’ learning
existing procedures, can lead to the compromise of critical data.
6. Networks. Information used by an organization needs to be shared
among the members of that organization. Networking makes sharing of
information easy, but at the cost of dramatically increasing the risk
of compromising security. Wireless networks can be monitored by
outsiders’ computers with wireless capabilities. Similarly, wired
networks can be tapped. Wide Area networks typically use public
telephone or cable lines to transmit data, and these public lines can
also be tapped. These facts, as well as others, make it crucial to
design procedures and protocols for users of networks that make data
as secure as possible.

Of these six components, Data is the most critical, and therefore the
most directly affected by the study of computer security. However, in
order to make data secure, it is necessary to study all six
components, since they are all related parts of an integrated whole.

Elma Hartunian

Jul 19, 2010, 6:56:27 PM
to sec-0130-s...@googlegroups.com
Good job Mike. I understand the time and other issues that may arise. Posting late is not a problem as long as you post within a reasonable time frame.

Thanks for your effort
