Project #25874 - Network Security and Information Secuirty

Part 1:  Determine if the following statements are True or False and you must defend your answer in a short paragraph and cite all sources of information if any.  Each question is worth 3 points.  

 

1.                           T  F        Since physical security is often managed under separate responsibility from information security, however, risk analysis for information security still needs to address physical security.      Answer: ____

 

2.                               T   F     The purpose of the DSS algorithm is to enable two users to securely                reach agreement about a shared secret that can be used as a secret key                       for subsequent symmetric encryption of messages.     Answer: _____

 

3.                              T  F       Viruses infect executable files and hardware as well.  Answer: _____

 

4.                              T   F   An agent in CWM should also have the execute rights regarding an entity after the agent is permitted to certify that entity.           Answer: _____ 

 

 

5.                              T  F   The main innovation of the NIST standard is the introduction of the RBAC System and Administrative Functional Specification, which defines the features required for an RBAC system.    Answer: _____

 

6.                              T F    Modes of operation are the alternative techniques that have been developed to increase the security of symmetric block encryption for  large sequences of data.

              Answer: ____

 

7.                           T  F   In conducting a risk analysis, it is often not possible to directly estimate the probability of an event.        Answer: _____

 

 

8.                              T  F    Consider data that is stored over time in a mandatory access control based system. The contents of files containing highly classified (“top secret”) information are necessarily more trustworthy than material stored in files marked unclassified.    Answer: _____ 

 

 

9.                              T  F       With unlimited resources and security controls, it is possible to reduce risk to zero.          Answer: _____

 

 

10.                           T  F   A security policy that by default provides no access rights is an example of least privilege.    Answer: _____ 

 

 

 

Part 2: Short Answers (10 points each). Please answer briefly and completely, and you must cite all sources of information.

 

 

1.     Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.

 

 

2.     An electronic mail system could be used to leak information. First, explain how the leakage could occur. Then, identify controls that could be applied to detect or prevent the leakage.

 

3.     Compare and contrast computer architecture with security architecture.

 

4.     Consider a public key encryption. Ann wants to send Bill a message. Let Annpriv and Annpub be Ann’s private and public keys respectively. The same for Bill (Billpriv and Billpub).

 

 

(a)   If Ann sends a message to Bill, what encryption should Ann use so that only Bill can decrypt the message (secrecy)? (3 Points)

 

(b)  Can Ann encrypt the message so that anyone who receives the message is assured that the message only came from Ann (authenticity)? (3 Points)

 

(c)   Is it possible for Ann to devise a method that will allow for both secrecy and authenticity for her message? Please justify your answer. (4 Points)

 

5.     Assume that passwords are limited to the use of the 100 printable ASCII characters and that all passwords are 9 characters in length.  Assume a password cracker with an encryption rate of 6 million encryptions per second.  How long will it take to test exhaustively all possible passwords on a UNIX system?

 

 

Part 3: Short Essay (20 points). Please restrict your answer to three (3) pages (double spaced) or less.  You must cite all sources of information if any.

 

Mike Information Technology, Inc. (MITI) is a fictional multi-national company providing outsourced financial services to a variety of clients across many industries, including commercial and government entities. MITI specializes in billing and invoicing services, in which JATI receives relevant data from its clients and processes the data to produce the invoices, monthly statements, and other billing items that are sent to MITI's clients' customers. MITI employees serve the company's customers both on-site at customer locations and while working in MITI facilities. MITI employees routinely store data related to multiple clients on their company-issued laptops.

 

MITI's Chief Information Officer, having read of the numerous data breaches reported among commercial and government organizations, has become concerned about the risk to MITI's customers and potentially the company's reputation if MITI were to experience a similar breach. He has tasked you, the Director of Information Security, to create a new corporate policy regarding the protection of client and company confidential data stored on employee computers, particularly including laptops. Respond to each of the following, taking into account material we have studied in this course regarding threats and vulnerabilities. Cite the pertinent sources used in your answer. Be specific and briefly but fully explain and give reasons for your answers.

 

a.     Summarize the primary vulnerabilities and potential threats that exist for MITI related to the practice of storing sensitive data on laptops. Use your answer to clarify the difference between vulnerabilities and threats (if there are any). In your opinion, which of the risks MITI faces are most significant to the company?

 

b.     What measures would you propose to senior management to try to prevent a breach of data held by MITI? Your response should include recommendations for mitigating vulnerabilities identified in part (a).

 

c.     Discuss the key characteristics of a policy statement and write one specifying employee and company responsibilities for protecting client and corporate data, such as the data stored on employee laptops. Be sure to address requirements for protecting the data from theft, and for rendering the data unusable should it be compromised.

 

 

 

Note please answer the above questions a-c separately.  Your total answer to all three questions should be restricted to three (3) pages (double spaced with font size 12) or less.  In addition to the answer, you must cite all sources of information if any.   

Subject Computer
Due By (Pacific Time) 03/29/2014 09:00 am
Report DMCA
TutorRating
pallavi

Chat Now!

out of 1971 reviews
More..
amosmm

Chat Now!

out of 766 reviews
More..
PhyzKyd

Chat Now!

out of 1164 reviews
More..
rajdeep77

Chat Now!

out of 721 reviews
More..
sctys

Chat Now!

out of 1600 reviews
More..
sharadgreen

Chat Now!

out of 770 reviews
More..
topnotcher

Chat Now!

out of 766 reviews
More..
XXXIAO

Chat Now!

out of 680 reviews
More..
All Rights Reserved. Copyright by AceMyHW.com - Copyright Policy