1. Explain the cuckoo’s egg exploit using the 4 security tenets of confidentiality, integrity, availability, and accountability.
2. Questions - answer, and remember to cite chapters:
ANSWER
The basic tenets of information system security are confidentiality, integrity, and availability, sometimes known as the CIA triad.
1. Preventing the modification of information by unauthorized users.
2. Preventing the unauthorized or unintentional modification of information by authorized users.
3. Preserving internal and external consistency:
a). Internal consistency refers to a logical connection among data in the system. For example, assume that an internal database holds the number of units of a particular item in each department of an organization. The sum of the number of units in each department should equal the total number of units that the database has recorded internally for the whole organization.
b). External consistency refers to a logical connection among objects in the real world and their representations in the system. Using the example previously discussed in (a), external consistency means that the number of items recorded in the database for each department is equal to the number of items that physically exist in that department.
Availability ensures that a system’s authorized users have timely and uninterrupted access to the information in the system. Additional factors that support information system security are:
Availability:
Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage Explain the cuckoo’s egg exploit using the 4 security tenets of confidentiality, integrity, availability, and accountability.
I need a particular security issue or vulnerability related to a Linux service and explore its implications with regard to confidentiality, integrity, or availability of enterprise data. Discuss specific administrative or technical security controls that may effectively mitigate the issue or vulnerability. Some areas for you to consider may include:
• Absence of hardened systems.
• Legacy third-party applications.
• Nonexistence of data backups.
• Ineffective enforcement of password policies.
• Poor Linux operating system patch management.
Chapter 06 Applied Cryptography
1. How is integrity provided?
A. Using two-way hash functions and digital signatures
B. Using one-way hash functions and digital signatures
C. By applying a digital certificate
D. By using asymmetric encryption
2. Which term refers to the matching of a user to an account through previously shared credentials?
A. Nonrepudiation
B. Digital signing
C. Authentication
D. Obfuscation
3. Which term refers to an arranged group of algorithms?
A. Crypto modules
B. Cryptographic service providers (CSPs)...
The discussion: 150-200 words. Auditing We know that computer security audits are important in business. However, let’s think about the types of audits that need to be performed and the frequency of these audits. Create a timeline that occurs during the fiscal year of audits that should occur and “who” should conduct the audits? Are they internal individuals, system administrators, internal accountants, external accountants, or others? Let me start you: (my timeline is wrong but you should use some...
A new version of the operating system is being planned for installation into your department’s production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each type of testing and describe what is tested. Explain the rationale for performing each type of testing. [ your answer goes here ] Would the amount of testing and types of testing to be done be different if you were installing a security...
Risk management in Information Security today
Every day information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading. In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...