I need the answers for the following questions, you also can download the book as a PDF file from the link http://www.4shared.com/office/6jZypRM5/Principles_of_Information_Secu.html?:
but I need the first 3 chapters to get done within 12 hours from now. And I can wait more time for the rest of them.
The next day at SLS found everyone in technical support busy restoring computer systems to their former state and installing new virus and worm control software. Amy found herself learning how to install desktop computer operating systems and applications as SLS made a heroic effort to recover from the attack of the previous day. Questions:
Do you think this event was caused by an insider or outsider? Why do you think this?
Other than installing virus and worm control software, what can SLS do to prepare for the next incident?
Do you think this attack was the result of a virus, or a worm? Why do you think this?
1-Using the Internet, browse to http://www.us-cert.gov/ and find the most recent CERT advisory. What threat group and threat category does this advisory warn against?
2-Using the Internet, find and read the SANS/FBI Top 20 Vulnerabilities. Choose one of the 20 vulnerabilities listed and identify the threat group and threat category it warns about.
3-What is the difference between a threat and an attack? How do exploits relate to vulnerabilities?
4-Is there an ethically acceptable reason to study and use the various attack methods described in this chapter?
Case Exercises: Soon after the board of directors meeting, Charlie was promoted to CISO, a new position that reports to the CIO Gladys Williams, and that was created to provide leadership for SLS's efforts to improve its security profile. Questions:
How do Fred, Gladys, and Charlie perceive the scope and scale of the new information security effort?
Which of the threats discussed in this chapter should receive Charlie's attention early in his planning process?
- How will Fred measure success when he evaluates Gladys' performance for this project? How about Charlie's performance?
1-List both a UNIQUE advantage and disadvantage to the U.S. Laws of Interest to Information Security Professionals. Make sure to include a summary of the Law. You may use the same law but the advantage and disadvantage needs to be unique.
2-List an UNIQUE way to protect yourself from Identity Theft and comment on two other postings under this forum.
3-What IT organization would be most advantageous to join? What SIG would you be most interested in joining with the ACM? Note: See External Links, Organizations....
4-Give one unique example of an RFID applied usage. Be sure not to repeat another students' posting.
1-Explain how to know yourself and/or to know your enemy.
2-You may find using concrete examples of weighted factor analysis from an unrelated topic useful if this concept is not familiar to students. For example, what factors are considered when buying a new car? How much weight is each factor given?
3-Give an example of an operational, technical, and political feasibility analysis.
4-Give examples of each of the five risk control strategies: defend, transference, mitigation, acceptance, & termination.
1-Security policies are the least expensive control to execute, but the most difficult to implement properly. List the reasons shaping policy is difficult:
Also list the three types of management of security policies, according to The National Institute of Standards and Technology’s Special Publication 800-14.
2-Design of Security Architecture
List one of the sections that outline key security architectural components. To assess whether a framework and/or blueprint are on target to meet an organization’s needs you must have a working knowledge of these security architecture components.
3-What does SETA programs mean? Comment on one other students posting under this thread.
4-Managers in the IT and information security communities are called on to provide strategic planning to assure the continuous availability of information systems. What are these continuity strategies?