


Please see the attachment; the answers come from this source:





Whitman, M. E., & Mattord, H. J. (2022). Principles of information security. Cengage Learning







Source: Whitman, M. E., & Mattord, H. J. (2022). Principles of information security. Cengage Learning.

Week 1 Hands On

Student’s name
Name of institution
Course name and number
Instructor’s name
Due date

Part One

Module 01: Introduction to Information Security

Review Questions

1. What is the difference between a threat agent and a threat source?
· Answer:

2. What is the difference between vulnerability and exposure?
· Answer:

3. What is a loss in the context of information security?
· Answer:

4. What type of security was dominant in the early years of computing?
· Answer:

5. What are the three components of the C.I.A. triad? What are they used for?
· Answer:

6. If the C.I.A. triad is incomplete, why is it so commonly used in security?
· Answer:

7. Describe the critical characteristics of information. How are they used in the study of computer security?
· Answer:

8. Identify the components of an information system. Which of the components are most directly affected by the study of computer security?
· Answer:

9. What is the McCumber Cube, and what purpose does it serve?
· Answer:

10. Which paper is the foundation of all subsequent studies of computer security?
· Answer:

11. Why is the top-down approach to information security superior to the bottom-up approach?
· Answer:

12. Describe the need for balance between information security and access to information in information systems.
· Answer:

13. How can the practice of information security be described as both an art and a science? How does the view of security as a social science influence its practice?
· Answer:

14. Who is ultimately responsible for the security of information in the organization?
· Answer:

15. What is the relationship between the MULTICS project and the early development of computer security?
· Answer:

16. How has computer security evolved into modern information security?
· Answer:

17. What was important about RAND Report R-609?
· Answer:

18. Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these decisions are carried out?
· Answer:

19. Who should lead a security team? Should the approach to security be more managerial or technical?
· Answer:

20. Besides the champion and team leader, who should serve on an information security project team?
· Answer:

Module 02: The Need for Security

Review Questions

1. Why is information security a management problem? What can management do that technology cannot?
· Answer:

2. Why is data the most important asset an organization possesses? What other assets in the organization require protection?
· Answer:

3. Which management groups are responsible for implementing information security to protect the organization’s ability to function?
· Answer:

4. Has the implementation of networking technology, such as the cloud, created more or less risk for businesses that use information technology? Why?
· Answer:

5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
· Answer:

6. Why are employees among the greatest threats to information security?
· Answer:

7. How can you protect against shoulder surfing?
· Answer:

8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
· Answer:

9. What is the difference between a skilled hacker and an unskilled hacker, other than skill levels? How does the protection against each differ?
· Answer:

10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?
· Answer:

11. Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
· Answer:

12. What is the most common violation of intellectual property? How does an organization protect against it? What agencies fight it?
· Answer:

13. What are the various forces of nature? Which type might be of greatest concern to an organization in Las Vegas? Jakarta? Oklahoma City? Amsterdam? Miami? Tokyo?
· Answer:

14. How is technological obsolescence a threat to information security? How can an organization protect against it?
· Answer:

15. Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?
· Answer:

16. What are the types of password attacks? What can a systems administrator do to protect against them?
· Answer:

17. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
· Answer:

18. For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
· Answer:

19. What methods would a social engineering hacker use to gain information about a user’s login ID and password? How would these methods differ depending on the user’s position in the company?
· Answer:

20. What is a buffer overflow, and how is it used against a Web server?
· Answer:
Nov 14, 2022