
Chapter 1

1. A threat is an object, person, or other entity that represents a constant danger
to an asset.
A threat agent is an object, person, or other entity that launches an attack to
damage or steal an organization's information or physical asset.

2. A vulnerability is an identified weakness in a controlled system, where controls
are not present or no longer effective.
An exposure is a single instance when a system is open to damage. Vulnerabilities
can be the cause of an exposure.

3. The process of securing confidential data in a system or an organization from
unauthorized users, such as hackers or attackers, is known as information security.

4. DOMINANT SECURITY OF COMPUTING IN EARLY STAGES
> In the early stages of computing, the only security concern was physical
security.

5. CONFIDENTIALITY
"Confidentiality is the security principle that controls access to information.
It is designed to ensure the wrong people cannot gain access to sensitive
information while ensuring the right people can access it."
INTEGRITY
"The second component of the triad, integrity assures the sensitive data is
trustworthy and accurate. Consistency, accuracy, and trustworthiness of data should
be maintained over its life cycle.
Sensitive data should not be altered in transit, and security measures, such as
file permissions and user access controls, should be taken to make sure that it
cannot be modified by unauthorized users."
AVAILABILITY
"Availability is the guarantee of reliable and constant access to your sensitive
data by authorized people. It is best guaranteed by properly maintaining all
hardware and software necessary to ensure the availability of sensitive data.
It's also important to keep up with system upgrades. Providing adequate
communication throughput and preventing bottleneck helps as well. Redundancy,
failover, RAID, and clustering are important measures that should be considered to
avoid serious availability problems."

7. The CIA triangle is still used because it addresses major concerns with the
vulnerability of information systems.

8. Software, Hardware, Data, People, Procedures and Networks.
All six of these components are impacted by the study of computer security.

9. There is no correct answer without qualifying which multiuser systems are being
discussed. All modern operating systems have inherited traits and abilities from
other, older multiuser systems. There are multiple multiuser operating systems
currently in use.
IBM has its mainframe system (z/OS) as well as IBM i; both multiuser systems
are unique from each other and from other systems. IBM also has AIX, a descendant
of Unix. Current Unix systems go back to the original…

10. The RAND Report R-609

11. Top-down is superior to the bottom-up approach because the top-down approach has
top-level managers who assign the goals to be achieved, the procedures and
processes to achieve them, and the expected outcomes.

12. Methodology is a technique that has a sequence of all procedures to complete the
task.
It is important in information security because it ensures that the data is
stored in an orderly and secure manner.
It includes the process of identifying threats and also the procedures to remove
threats, such as hackers.

13.

18. RAND Report R-609 was the first widely recognized published document to identify
the role of management and policy issues in computer security.
