Project #86425 - comp12

Part 1:  Determine if the following statements are True or False.  Each question is worth 3 points.  



1.      An agent in the Clark-Wilson model (CWM) should also have execute rights for an entity after the agent is permitted to certify that entity.


2.      Although physical security is often managed under a separate responsibility from information security, risk analysis for information security still needs to address physical security.


3.      The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.  



4.      With unlimited resources and security controls, it is possible to reduce risk to zero.



5.      Viruses infect executable files and hardware as well.



6.      Modes of operation are the alternative techniques that have been developed to increase the security of symmetric block encryption for large sequences of data.



7.      The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.



8.      Traditional RBAC systems define the access rights of individual users and groups of users.




9.      Some process of managed downgrading of information is needed to restore reasonable classification levels.



10.     A BLP model breaks down when low-classified executable data are allowed to be executed by a high-clearance subject.




Please put your answers (T or F) in the following table.

Question:   1    2    3    4    5    6    7    8    9    10
Answer:     _    _    _    _    _    _    _    _    _    _

Part 2: Short Answers (10 points each).  Please answer briefly and completely, and you must cite all sources of information.



1.      Compare and contrast computer architecture with security architecture.



2.      Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.



3.      As part of a formal risk assessment of the main file server for a small legal firm, you have identified the asset “integrity of the accounting records on the server” and the threat “financial fraud by an employee, disguised by altering the accounting records.”  Suggest reasonable values for the items in the risk register for this asset and threat with justifications for your choice.



4.      Consider a public-key encryption scheme. Ann wants to send Bill a message. Let Annpriv and Annpub be Ann's private and public keys respectively, and likewise Billpriv and Billpub for Bill.


(a)    If Ann sends a message to Bill, what encryption should Ann use so that only Bill can decrypt the message (secrecy)? (3 points)



(b)   Can Ann encrypt the message so that anyone who receives the message is assured that the message only came from Ann (authenticity)? (3 points)



(c)    Is it possible for Ann to devise a method that will allow for both secrecy and authenticity for her message? Please justify your answer. (4 points)



5.      Assume that passwords are limited to the 95 printable ASCII characters and that all passwords are exactly 12 characters in length.  Assume a password cracker with an encryption rate of 10 giga-encryptions per second.  How many years will it take to test exhaustively all possible passwords on a UNIX system?  Note that you need to show the calculation step by step as well.




Part 3: Short Essay (20 points). Please restrict your answer to three (3) pages (double spaced) or less.  You must cite all sources of information if any.


Henry Advanced Technology, Inc. (HATI) is a fictional multi-national company providing outsourced financial services to a variety of clients across many industries, including commercial and government entities. HATI specializes in billing and invoicing services, in which HATI receives relevant data from its clients and processes the data to produce the invoices, monthly statements, and other billing items that are sent to HATI's clients' customers. HATI employees serve the company's customers both on-site at customer locations and while working in HATI facilities. HATI employees routinely store data related to multiple clients on their company-issued laptops.


HATI's Chief Information Officer, having read of the numerous data breaches reported among commercial and government organizations, has become concerned about the risk to HATI's customers and potentially the company's reputation if HATI were to experience a similar breach. He has tasked you, the Director of Information Security, to create a new corporate policy regarding the protection of client and company confidential data stored on employee computers, particularly including laptops. Respond to each of the following, taking into account material we have studied in this course regarding threats and vulnerabilities, as well as Pfleeger's discussion of the characteristics of effective security policies in chapter 8 of the text. Cite these and other pertinent sources used in your answer. Be specific and briefly but fully explain and give reasons for your answers.


a.       Summarize the primary vulnerabilities and potential threats that exist for HATI related to the practice of storing sensitive data on laptops. Use your answer to clarify the difference between vulnerabilities and threats (if there are any). In your opinion, which of the risks HATI faces are most significant to the company?


b.      What measures would you propose to senior management to try to prevent a breach of data held by HATI? Your response should include recommendations for mitigating vulnerabilities identified in part (a).


c.       Discuss the key characteristics of a policy statement and write one specifying employee and company responsibilities for protecting client and corporate data, such as the data stored on employee laptops. Be sure to address requirements for protecting the data from theft, and for rendering the data unusable should it be compromised.



Note: please answer the above questions a-c separately.  Your total answer to all three questions should be restricted to three (3) pages (double spaced) or less.  In addition to the answer, you must cite all sources of information if any.

Subject: Computer
Due by (Pacific Time): 10/15/2015 12:00 am