The possession of information is the quality or state of having value for some purpose or end.


1. Distinguish data from information and describe the characteristics used to evaluate the value of data. Data versus information: 1. Data, 2. Information, 3. Knowledge.

1. Data: raw facts, such as an employee's name and number of hours worked in a week, inventory part numbers, or sales orders. Several types of data can be used to represent these facts: alphanumeric data (numbers, letters, and other characters), image data (graphic images or pictures), audio data (sound, noise, or tones), and video data (moving images or pictures).

2. Information: a collection of facts organized in such a way that they have additional value beyond the value of the facts themselves.

3. Knowledge: is an awareness and…
Availability: Availability enables authorized users—persons or computer systems—to access information without interference or obstruction, and to receive it in the required format.

4. Accuracy: Information has accuracy when it is free from mistakes or errors and it has the value that the end user expects. If information has been intentionally or unintentionally modified, it is no longer accurate.

5. Authenticity: Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is in the same state in which it was created, placed, stored, or transferred. Consider for a moment some common assumptions about e-mail.

6. Utility: The utility of information is the quality or state of having value for some purpose or end. Information has value when it can serve a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.

7. Possession: The possession of information is the quality or state of ownership or control of some object or item. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics. While a breach of confidentiality always results in a breach of possession, a breach of possession

  1. What is Information?

    • Knowledge derived from data, and
    • Data presented in a meaningful context

  2. What is Data?

    Data processed by summing, ordering, averaging, grouping, comparing, or similar operations

  3. Characteristics of Information.  The value of information comes from the characteristics it possesses. Which are the most critical characteristics?

    • CIA Triad:
    •      Confidentiality
    •      Integrity
    •      Availability

  4. Define Availability

    Enables users who need to access information to do so without interference or obstruction and in the required format.

    Availability means that assets are accessible to authorized parties at appropriate times. In other words, if some person or system has legitimate access to a particular set of objects, that access should not be prevented. For this reason, availability is sometimes known by its opposite, denial of service.

  5. Define Accuracy

    • Free from mistake or error and having the value that the end user expects.
    • If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.

  6. Define Authenticity

    The quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.

  7. Define Confidentiality

    The quality or state of preventing disclosure or exposure to unauthorized individuals or systems.

    Confidentiality ensures that computer-related assets are accessed only by authorized parties. That is, only those who should have access to something will actually get that access. By "access," we mean not only reading but also viewing, printing, or simply knowing that a particular asset exists. Confidentiality is sometimes called secrecy or privacy.

  8. Define Integrity

    • The quality or state of being whole, complete, and uncorrupted. 
    • The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.

    Integrity means that assets can be modified only by authorized parties or only in authorized ways. In this context, modification includes writing, changing, changing status, deleting, and creating.

  9. Define Utility

    The quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.

  10. Define Possession

    • The quality or state of having ownership or control of some object or item.
    • Information is said to be in possession if one obtains it, independent of format or other characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.

  11. What is an Information System and what are the components (Five Component Model)?

    An assembly of hardware, software, data, procedures, and people that interact to produce information.

    • 5-Component Model:
    • Hardware, Software, Data, Procedures, People

  12. List the elements of the Five Component Model.

    Hardware, Software, Data, Procedures, People

  13. What is Security?

    The quality or state of being secure—to be free from danger

  14. What are some of the different layers of security (types) an organization should provide?

    Physical security

    Personal security

    Operations security

    Communications security

    Network security

    Information security

  15. What is Information Security/Management and What is the Mission (What do we try to achieve)?

    • Information Security/Management:
    •      a well-informed sense of assurance that the information risks and controls are in balance.

    Primary mission of information security is to ensure systems and contents stay the same.

  16. What is Information Security/Management?

    a well-informed sense of assurance that the information risks and controls are in balance.

  17. What is the mission of Information Security/Management?

    to ensure systems and contents stay the same.

  18. Relate the history of computer security and how it evolved into information security.

    a. When did it start?

    b. What were some of the initial problems?

    c. When was the Internet started and was security a priority in its conception?

    d. Is there a difference between the World-wide Web and the Internet? If so, what is the difference? Are the security threats and vulnerabilities the same?  Justify your answer.

    a. After the 1st mainframes were developed

    b. Breaking codes during World War 2

    c. No

    d. Yes. The Internet is the hardware/network itself, and the World Wide Web is the software on top of the Internet that allows communication between the two to happen.

  19. What is a vulnerability?

    it is a weakness in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm.

  20. What is a threat?

    is a set of circumstances that has the potential to cause loss or harm.

    NOTE: A threat is blocked by control of a vulnerability

  21. What is a control?

    is an action, device, procedure, or technique that removes or reduces a vulnerability.

    NOTE: A threat is blocked by control of a vulnerability

  22. Who is responsible for Information Security in an Organization?  Any Specific Roles?  If so name them.

    Everyone is responsible for information security in an organization.

    • Specific Roles include:
    •      Chief Information Officer (CIO)
    •      Chief Information Security Officer (CISO)
    •      Data owner
    •      Data custodian
    •      Data users

  23. Identify three top threats to information security and at least one control to help mitigate that threat.

    1. Threat: Acts of human error or failure. Control: training.
    2. Threat: Compromises to intellectual property. Control: have selective sharing of key information or keeping software up to date.
    3. Threat: Deliberate acts of espionage or trespass. Control: having network security.

  24. What can these threats do to an Information system?

    An interception means that some unauthorized party has gained access to an asset. Examples of this type of failure are illicit copying of program or data files or wiretapping to obtain data in a network.

  25. What can these threats do to an Information system?

    If an unauthorized party not only accesses but tampers with an asset, the threat is a modification. For example, someone might change the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically.

  26. What can these threats do to an Information system?

    In an interruption, an asset of the system becomes lost, unavailable, or unusable. An example is malicious destruction of a hardware device, erasure of a program or data file, or malfunction of an operating system file manager so that it cannot find a particular disk file.

  27. What can these threats do to an Information system?

    An unauthorized party might create a fabrication of counterfeit objects on a computing system. The intruder may insert spurious transactions to a network communication system or add records to an existing database.

  28. Identify and briefly explain two costly threats and justify why one (businesses, people) might want to use the Internet if it is so dangerous.

    • Two threats would be identity theft and DDoS attack.
    • People still use the internet even though it is dangerous because it is convenient/it makes life easier.

  29. Here is an accepted Security Model. What do we do with it?

    We use the security model to look at the 3 states of data, the 3 categories of data and 3 types of countermeasures as guidelines to make a solid security system.

  30. Give at least five examples each of Physical, Administrative, and Technical Controls to support Information Security.

  31. Define Safeguard/Control:

    any action, device, procedure, technique, or other measure that reduces/mitigates a system’s vulnerability to a threat

  32. A malicious attacker must have three things: (Hint: Mom)

    • Method
    • Opportunity
    • Motive

    NOTE: Deny any of those three things and the attack will not occur. However, it is not easy to cut these off.

  33. Define method:

    the skills, knowledge, tools, and other things with which to be able to pull off the attack

  34. Define opportunity:

    the time and access to accomplish the attack

  35. Define motive:

    a reason to want to perform this attack against this system

  36. Define risk:

    is the possibility for harm to occur

  37. Harm occurs when ____ is realized against a _____.

    threat,  vulnerability

  38. List the ways we can deal with a risk (the possibility for harm to occur)

    note: come up with an acronym or something

    • prevent it
    • deter it
    • deflect it
    • detect it
    • recover

  39. How can we prevent a risk?
    How can a risk be prevented?

    we prevent a risk by blocking the attack or closing the vulnerability.

  40. How can we deter a risk?
    How can a risk be deterred?

    by making the attack harder but not impossible

  41. How can we deflect a risk?
    How can a risk be deflected?

    by making another target more attractive

  42. When can we detect a risk?

    either as it happens or some time after the fact

  43. How can we recover from a risk?

    have data backed up

  44. What is a 3-Tier Business Architecture?

    A 3-Tier Business Architecture uses 3 sets of computers, a client computer for the presentation tier, a server for the application tier, and a database for the data tier.

Is the quality or state of having value for some purpose or end?

Utility – The quality or state of having value for some purpose or end. Information has value when it serves a particular purpose.

What is the quality or state of being genuine or original rather than a reproduction or fabrication?

Authenticity is the quality or state of being genuine or original, rather than a reproduction or fabrication. Confidentiality is the quality or state of preventing disclosure or exposure to unauthorized individuals or systems.

Which of the following refers to the state of being uncorrupted?

Integrity. The quality or state of being whole, complete, and uncorrupted. Methodology. A formal approach to solving a problem based on a structured sequence of procedures. object of an attack.

Who is ultimately responsible for the security of information in the organization?

The Chief Information Security Officer (CISO) is primarily responsible for the assessment, management, and implementation of information security in the organization.
