$1.$ What is the difference between vulnerability and exposure?

o$$ Answer:

$2.$ What is a loss in the context of information security?

o$$ Answer:

$3.$ What type of security was dominant in the early years of computing?

o$$ Answer:

$4.$ What are the three components of the C$.$I.A$.$ triad? What are they used for?

o$$ Answer:

$5.$ If the C$.$I.A$.$ triad is incomplete, why is it so commonly used in security?

o$$ Answer:

$6.$ Describe the critical characteristics of information. How are they used in the study of computer security?

o$$ Answer:

$7.$ Identify the components of an information system. Which of the components are most directly affected by the study of computer security?

o$$ Answer:

$8.$ What is the McCumber Cube, and what purpose does it serve?

o$$ Answer:

$9.$ Which paper is the foundation of all subsequent studies of computer security?

o$$ Answer:

$10.$ Why is the top$-$down approach to information security superior to the bottom$-$up approach?

o$$ Answer:

$11.$ Describe the need for balance between information security and access to information in information systems.

o$$ Answer:

$12.$ How can the practice of information security be described as both an art and a science? How does the view of security as a social science influence its practice?

o$$ Answer:

$13.$ Who is ultimately responsible for the security of information in the organization?

o$$ Answer:

$14.$ What is the relationship between the MULTICS project and the early development of computer security?

o$$ Answer:

$15.$ How has computer security evolved into modern information security?

o$$ Answer:

$16.$ What was important about RAND Report R$-609?$

o$$ Answer:

$17.$ Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these decisions are carried out?

o$$ Answer:

$18.$ Who should lead a security team? Should the approach to security be more managerial or technical?

o$$ Answer:

$19.$ Besides the champion and team leader, who should serve on an information security project team?

o$$ Answer:

Module $02$: The Need for Security Review Questions

$1.$ Why is information security a management problem? What can management do that technology cannot?

o$$ Answer:

$2.$ Why is data the most important asset an organization possesses? What other assets in the organization require protection?

o$$ Answer:

$3.$ Which management groups are responsible for implementing information security to protect the organization$$s ability to function?

o$$ Answer:

$4.$ Has the implementation of networking technology, such as the cloud, created more or less risk for businesses that use information technology? Why?

o$$ Answer:

$5.$ What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.

o$$ Answer:

$6.$ Why are employees among the greatest threats to information security?

o$$ Answer:

$7.$ How can you protect against shoulder surfing?

o$$ Answer:

$8.$ How has the perception of the hacker changed over recent years? What is the profile of a hacker today?

o$$ Answer:

$9.$ What is the difference between a skilled hacker and an unskilled hacker, other than skill levels? How does the protection against each differ?

o$$ Answer:

$10.$ What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?

o$$ Answer:

$11.$ Why does polymorphism cause greater concern than traditional malware? How does it affect detection?

o$$ Answer:

$12.$ What is the most common violation of intellectual property? How does an organization protect against it$?$ What agencies fight it$?$

o$$ Answer:

$13.$ What are the various forces of nature? Which type might be of greatest concern to an organization in Las Vegas? Jakarta? Oklahoma City? Amsterdam? Miami? Tokyo?

o$$ Answer:

$14.$ How is technological obsolescence a threat to information security? How can an organization protect against it$?$

o$$ Answer:

$15.$ Does the intellectual property owned by an organization usually have value? If so$,$ how can attackers threaten that value?

o$$ Answer:

$16.$ What are the types of password attacks? What can a systems administrator do to protect against them?

o$$ Answer:

$17.$ What is the difference between a denial$-$of$-$service attack and a distributed denial$-$of$-$service attack? Which is more dangerous? Why?

o$$ Answer:

$18.$ For a sniffer attack to succeed, what must the attacker do$?$ How can an attacker gain access to a network to use the sniffer system?

o$$ Answer:

$19.$ What methods would a social engineering hacker use to gain information about a user$$s login ID and password? How would these methods differ depending on the user$$s position in the company?

o$$ Answer:

$20.$ What is a buffer overflow, and how is it used against a Web server?

o$$ Answer: