Вы находитесь на странице: 1из 2

Rodel Reyes CST-200A Week 1 Day 1 10/11/2013 Nicole Stone Chapter 1: Exercises 1 and 3 Complete exercises 1 and 3 under

the Exercises heading at the end of chapter 1 in your textbook. Submit completed assignment to your instructor using ACOT e-Learn. 1. Look up the paper that started the study of computer security. Prepare a summary of the key points. What in this paper specifically addresses security in areas previously unexamined? The paper that started the study of computer security is actually a report created by a task force organized in 1967 by the Advanced Research Projects Agency to study and recommend appropriate computer security safeguards that would protect classified information in multi-access, resource-sharing computer systems. The report was published in 1970 by the Rand Corporation under the auspices of the Defense Science Board and is known as the Rand Report R -609. The report is still a very valuable comprehensive discussion of security controls for resource-sharing computer systems. In summary the report discusses the nature of information security, specifically that of the security of classified information within the framework of multi-access resource-sharing computer systems and how to protect it from being compromised. It goes into detail by outlining the structure and functions of computer information systems and how certain areas such as users, environment, software, hardware, and communication links are a very important aspect of information security. It hints that these areas have vulnerabilities which could be exploited and used as a focal point for an active infiltration and intrusion into the system. It puts forth some important policy considerations and recommendations that is based on the fundamental principles of the responsibilities and functions of the individuals and users who are handling the classified information and the institution of safeguards and controls to protect that information by means of proactive certifications, access classifications, levels of clearance to the information. It also includes various technical recommendations as to the types of computer hardware and software needed to achieve the objectives of information security. In addition to the overall policy guidance and the technical methods necessary for an effective security system, it stresses the fact that there must also be an effective set of management and administrative controls and procedures, especially those governing the flow of information to and from the computer system and over the movement and actions within the system environment of people and movable components.1 As far as what in this paper specifically addresses security in areas previously unexamined, it states that we must be aware of the points of vulnerability, which may be thought of as leakage points, and provide adequate mechanisms to counteract both accidental and deliberate events. The specific leakage points touched upon can be classified in five groups: organizational (users and procedures), physical surroundings, hardware, software, and communication links. The overall safeguarding of information in a computer system, regardless of configuration, is achieved by a combination of protection features aimed at the different areas of leakage points.2

[Reference (for paragraphs 1 and 2 above): Security Controls for Computer Systems, Report of the Defense Science Board Task Force on Computer Security, published for the Office of the Secretary of Defense, edited by Willis H. Ware, R-609-1, reissued October 1979 by the Rand Corporation.]

3. Consider the information stored on your personal computer. For each of the terms listed, find an example and document it: threat, threat agent, vulnerability, exposure, risk, attack, and exploit. Threat a computer virus that prohibits me from accessing my Microsoft Money financial software or actually transmits the information contained within to unscrupulous elements. Threat Agent a hacker responsible for the computer virus or trojan that downloads it to my computer by means of file-sharing or social-engineering techniques with the sole purpose of stealing my financial information. Vulnerability this happens when my antivirus or security software is not updated automatically or windows updates are not done in time. It could provide an open door for a recently engineered computer virus or malware that my outdated security software cannot detect or eliminate. Exposure - there is a certain point when I accidentally turn off my firewall or antivirus software when I am surfing the internet and then it has a very high chance of being exposed to malware. It could also happen if I were to download software from peer-to-peer or torrent sites deemed to be unsafe. Risk an application or software that I downloaded on the web that is reported to be potentially unsafe and untrusted but I still went ahead and downloaded it and ignored the warnings. I am gambling that this software may or may not be harmful to my computer system. Attack when there is noticeably a very high rate of network, disk, and memory activity which considerably slows my computer's performance to standstill but I was not really doing anything to precipitate it like having several resource-intensive applications open at the same time then there is a high rate of probability that I am being victimized by a hacker attack. Exploit the potentially unsafe application software that I downloaded earlier actually contains a malware script that disables my antivirus and other security software and downloads a keylogger or rootkit which in turn transmits my critical personal and financial data.