I need the answers for the following questions, you also can download the book as a PDF file from the link http://www.4shared.com/office/6jZypRM5/Principles_of_Information_Secu.html?:
but I need the first 3 chapters to get done within 12 hours from now. And I can wait more time for the rest of them.
The next day at SLS found everyone in technical support busy restoring computer systems to their former state and installing new virus and worm control software. Amy found herself learning how to install desktop computer operating systems and applications as SLS made a heroic effort to recover from the attack of the previous day. Questions:
Do you think this event was caused by an insider or outsider? Why do you think this?
Other than installing virus and worm control software, what can SLS do to prepare for the next incident?
Do you think this attack was the result of a virus, or a worm? Why do you think this?
1-Using the Internet, browse to http://www.us-cert.gov/ and find the most recent CERT advisory. What threat group and threat category does this advisory warn against?
2-Using the Internet, find and read the SANS/FBI Top 20 Vulnerabilities. Choose one of the 20 vulnerabilities listed and identify the threat group and threat category it warns about.
3-What is the difference between a threat and an attack? How do exploits relate to vulnerabilities?
4-Is there an ethically acceptable reason to study and use the various attack methods described in this chapter?
Case Exercises: Soon after the board of directors meeting, Charlie was promoted to CISO, a new position that reports to the CIO Gladys Williams, and that was created to provide leadership for SLS’s efforts to improve its security profile. Questions:
How do Fred, Gladys, and Charlie perceive the scope and scale of the new information security effort?
Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?
- How will Fred measure success when he evaluates Gladys’ performance for this project? How about Charlie’s performance?
Also list the three types of management of security policies, according to The National Institute of Standards and Technology’s Special Publication 800-14.
2-Design of Security Architecture
List one of the sections that outline key security architectural components. To assess whether a framework and/or blueprint are on target to meet an organization’s needs you must have a working knowledge of these security architecture components.
3-What does SETA programs mean? Comment on one other students posting under this thread.
4-Managers in the IT and information security communities are called on to provide strategic planning to assure the continuous availability of information systems. What are these continuity strategies?