Академический Документы
Профессиональный Документы
Культура Документы
1.A threat is an object, person, or other entity that represents a constant danger
to an asset.
A threat agent is an object, person, or other entity that launches an attack to
damage or steal
an organization�s information or physical asset.
5.CONFIDENTIALITY
"Confidentiality is the security principle that controls access to information.
It is designed to ensure the wrong people cannot gain access to sensitive
information while ensuring the right people can access it."
INTEGRITY
"The second component of the triad, integrity assures the sensitive data is
trustworthy and accurate. Consistency, accuracy, and trustworthiness of data should
be maintained over its life cycle.
Sensitive data should not be altered in transit, and security measures, such as
file permissions and user access controls, should be taken to make sure that it
cannot be modified by unauthorized users."
AVAILABILITY
"Availability is the guarantee of reliable and constant access to your sensitive
data by authorized people. It is best guaranteed by properly maintaining all
hardware and software necessary to ensure the availability of sensitive data.
It�s also important to keep up with system upgrades. Providing adequate
communication throughput and preventing bottleneck helps as well. Redundancy,
failover, RAID, and clustering are important measures that should be considered to
avoid serious availability problems."
7.The CIA triangle is still used because it addresses major concerns with the
vulnerability of information systems.
9.There is no correct answer without qualifying which multiuser systems are being
discussed. All modern operating systems have inherited traits and abilities from
other older multiuser systems. There are multiple multiuser operating systems
currently in use.
IBM has their mainframe system (Z/os) as well as IBM i, both multiuser systems
are unique from each other and from other systems. IBM also has AIX, a descendant
of unix. Current unix systems go back to the original�
11.Top down is superior ti buttom up approach because the top down approach has the
top level managers who will assign the goals to be achieved,
procedures and process to achieve them and has the expectef outcomes.
13.
18.Rand Report R-609 was the first widely recognized published document to identify
the role of management and policy issues in computer security.