INFA 610 Midterm


(b). To impose some form of separation between users and separation between objects.

(c). Access control

(a), (c) & (d)

True

False

(a). person or program, files or device

True

(a). Mandatory, control, and access

True

(a). Confidentiality and integrity

Step 1: Inform credit bureaus and formulate alerts for fraud

Step 2: Keep a check on your credit reports

Step 3: Freeze your security reports

(a), (c) & (d)

(c)

(a). Only processes of one sensitivity level are run at one time. Temporal Separation

(b). Confidential work is run on machines that are not shared. Physical separation

Temporal separation:

1. It is expensive

2. Different requirements need to be catered to for providing different security

Physical separation:

1. Different systems need to be maintained

2. Applying security on all machines is difficult

16. 2004

17.

Yes/No

No

Yes

No

No

No

No

18. Optimistic locking, programmability, transaction control

19. 1. Provide trustworthy authentication processes. Failure: authentication process is not trustworthy

2. Follow system of least privilege. Failure: Granting privileges with generosity

3. Fail securely. Failure: system is not designed to fail securely

20. 1. Provision of an overview of system security requirements is necessary to ensure efficiency of the plan.

2. The controls designed for meeting necessities should be considered to ensure all points are considered

3. Responsibilities should be outlined for everyone accessing the system to ensure liability

21. This principle states that computer items need to be protected till they lose their value. I agree with it, but it is difficult to incorporate if the items are too old and it is not possible to protect them, or the cost of protection is more.

22.

OS: software

Application: instrumentation routines

Single user: the program developer

23. Short timeliness: Data that changes rapidly, such as daily reports

Long timeliness: Data that takes more time such as development of application

24. a. Do you agree with the above statement? Answer: Yes

b. Is every fault a vulnerability? Answer: No

c. Is every vulnerability a fault? Answer: Yes

25. There is a restriction of easy security assets, meaning that the subject can get access if the subject's clearance level is dominated by the object's classification level. There is also a restriction that the subject can be given write access to an object only if the security level of the subject's access set is governed by the classification level of the object.

26. The Unix operating system uses Discretionary Access Control (DAC) because it means that subjects can grant other subjects access to their files.

27.

Airline: ticketing system, airplane software, booking management

Bank: credit records, bank account records, money management

Oil drilling: reserve management, R&D, machinery management

Political campaign: goal setting, human resource, campaigns

28. First, the computer or workstation would be isolated and then disconnected from the internet. Only backups can ensure a clean version of the system, as the system is vulnerable to security threats. Special imaging tools need to be used for making copies of files on the hard drive. Then the backups can be used to get a clean version of the system.

Essay Question: Security Plan

Policy

This hypothetical security plan is established for ABC computers. The hardware, software and network accounts along with storage media, operating systems are the ABC computer's ...