•What is the difference between a threat agent and a threat? Threat and threat agent are on page 11.
•What is the difference between vulnerability and exposure? Exposure page 10. Vulnerability page 11.
•How has the definition of “hack” evolved over the last 30 years?
•What type of security was dominant in the early years of computing? Secure physical locations, hardware, and software from threats. By means of badges, keys, and facial recognition by security guards.
•What are the three components of the C.I.A. triangle? What are they used for? Confidentiality, integrity, availability.
Confidentiality page 13. Integrity page 13 (bottom) and 14. Availability page 12.
•Among the five components of an information system, which are most directly affected by the study of computer security? People, I believe.
•What paper is the foundation of all subsequent studies of computer security? It began with Rand Report R-609, sponsored by the Department of Defense, which attempted to define multiple controls and mechanisms necessary for the protection of a multilevel computer system. Pages 5 and 6 for more on Rand.
•Who is involved in the security development life cycle? Who leads the process? Senior executive: Champion leads the process.
Page 30 shows all of them.
•Who is ultimately responsible for the security of information in the organization? Chief information security officer, page 29 at bottom.
•What is the relationship between the MULTICS project and early development of computer security?
•What was important about Rand Report R-609?
•Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing these wishes are carried out?
•Who should lead a security team? Should the approach to security be more managerial or technical?