7/27/2019 W1D1CST200A

http://slidepdf.com/reader/full/w1d1cst200a 1/2

Rodel Reyes

CST-200A

Week 1 Day 1

10/11/2013

Nicole Stone

Chapter 1: Exercises 1 and 3

Complete exercises 1 and 3 under the “Exercises” heading at the end of chapter 1 in your textbook.

Submit completed assignment to your instructor using ACOT e-Learn.

1. Look up “the paper that started the study of computer security.” Prepare a summary of the key

points. What in this paper specifically addresses security in areas previously unexamined?

The paper that started the study of computer security is actually a report created by a task force

organized in 1967 by the Advanced Research Projects Agency to study and recommend appropriate

computer security safeguards that would protect classified information in multi-access,

resource-sharing computer systems. The report was published in 1970 by the Rand Corporation

under the auspices of the Defense Science Board and is known as the “Rand Report R-609”. The

report is still a very valuable comprehensive discussion of security controls for resource-sharing

computer systems. In summary the report discusses the nature of information security, specifically

that of the security of classified information within the framework of multi-access resource-sharing

computer systems and how to protect it from being compromised. It goes into detail by outlining the

structure and functions of computer information systems and how certain areas such as users,

environment, software, hardware, and communication links are a very important aspect of information

security. It hints that these areas have vulnerabilities which could be exploited and used as a focal

point for an active infiltration and intrusion into the system. It puts forth some important policy

considerations and recommendations that is based on the fundamental principles of theresponsibilities and functions of the individuals and users who are handling the classified information

and the institution of safeguards and controls to protect that information by means of proactive

certifications, access classifications, levels of clearance to the information. It also includes various

technical recommendations as to the types of computer hardware and software needed to achieve the

objectives of information security. In addition to the overall policy guidance and the technical

methods necessary for an effective security system, it stresses the fact that there must also be an

effective set of management and administrative controls and procedures, especially those governing

the flow of information to and from the computer system and over the movement and actions within

the system environment of people and movable components.1 

As far as what in this paper specifically addresses security in areas previously unexamined, it

states that we must be aware of the points of vulnerability, which may be thought of as leakage points,

and provide adequate mechanisms to counteract both accidental and deliberate events. The specific

leakage points touched upon can be classified in five groups: organizational (users and procedures),

physical surroundings, hardware, software, and communication links. The overall safeguarding of 

information in a computer system, regardless of configuration, is achieved by a combination of 

protection features aimed at the different areas of leakage points.2 

7/27/2019 W1D1CST200A

http://slidepdf.com/reader/full/w1d1cst200a 2/2

[Reference (for paragraphs 1 and 2 above): Security Controls for Computer Systems, Report of the

Defense Science Board Task Force on Computer Security, published for the Office of the Secretary of 

Defense, edited by Willis H. Ware, R-609-1, reissued October 1979 by the Rand Corporation.]

3. Consider the information stored on your personal computer. For each of the terms listed, find an

example and document it: threat, threat agent, vulnerability, exposure, risk, attack, and exploit.

Threat – a computer virus that prohibits me from accessing my Microsoft Money financial software or

actually transmits the information contained within to unscrupulous elements.

Threat Agent – a hacker responsible for the computer virus or trojan that downloads it to my computer

by means of file-sharing or social-engineering techniques with the sole purpose of stealing my financial

information.

Vulnerability – this happens when my antivirus or security software is not updated automatically or

windows updates are not done in time. It could provide an open door for a recently engineered

computer virus or malware that my outdated security software cannot detect or eliminate.

Exposure - there is a certain point when I accidentally turn off my firewall or antivirus software when I

am surfing the internet and then it has a very high chance of being exposed to malware. It could also

happen if I were to download software from peer-to-peer or torrent sites deemed to be unsafe.

Risk – an application or software that I downloaded on the web that is reported to be potentially unsafe

and untrusted but I still went ahead and downloaded it and ignored the warnings. I am gambling that

this software may or may not be harmful to my computer system.

Attack – when there is noticeably a very high rate of network, disk, and memory activity whichconsiderably slows my computer's performance to standstill but I was not really doing anything to

precipitate it like having several resource-intensive applications open at the same time then there is a

high rate of probability that I am being victimized by a hacker attack.

Exploit – the potentially unsafe application software that I downloaded earlier actually contains a

malware script that disables my antivirus and other security software and downloads a keylogger or

rootkit which in turn transmits my critical personal and financial data.