W1D1CST200A
7/27/2019 W1D1CST200A
http://slidepdf.com/reader/full/w1d1cst200a 1/2
Rodel Reyes
CST-200A
Week 1 Day 1
10/11/2013
Nicole Stone
Chapter 1: Exercises 1 and 3
Complete exercises 1 and 3 under the “Exercises” heading at the end of chapter 1 in your textbook.
Submit completed assignment to your instructor using ACOT e-Learn.
1. Look up “the paper that started the study of computer security.” Prepare a summary of the key
points. What in this paper specifically addresses security in areas previously unexamined?
The paper that started the study of computer security is actually a report created by a task force
organized in 1967 by the Advanced Research Projects Agency to study and recommend appropriate
computer security safeguards that would protect classified information in multi-access,
resource-sharing computer systems. The report was published in 1970 by the Rand Corporation
under the auspices of the Defense Science Board and is known as the “Rand Report R-609”. The
report is still a very valuable comprehensive discussion of security controls for resource-sharing
computer systems. In summary, the report discusses the nature of information security, specifically
that of the security of classified information within the framework of multi-access resource-sharing
computer systems and how to protect it from being compromised. It goes into detail by outlining the
structure and functions of computer information systems and how certain areas such as users,
environment, software, hardware, and communication links are a very important aspect of information
security. It hints that these areas have vulnerabilities which could be exploited and used as a focal
point for an active infiltration and intrusion into the system. It puts forth some important policy
considerations and recommendations that are based on the fundamental principles of the
responsibilities and functions of the individuals and users who are handling the classified information
and the institution of safeguards and controls to protect that information by means of proactive
certifications, access classifications, and levels of clearance to the information. It also includes various
technical recommendations as to the types of computer hardware and software needed to achieve the
objectives of information security. In addition to the overall policy guidance and the technical
methods necessary for an effective security system, it stresses the fact that there must also be an
effective set of management and administrative controls and procedures, especially those governing
the flow of information to and from the computer system and over the movement and actions within
the system environment of people and movable components. [1]
As far as what in this paper specifically addresses security in areas previously unexamined, it
states that we must be aware of the points of vulnerability, which may be thought of as leakage points,
and provide adequate mechanisms to counteract both accidental and deliberate events. The specific
leakage points touched upon can be classified in five groups: organizational (users and procedures),
physical surroundings, hardware, software, and communication links. The overall safeguarding of
information in a computer system, regardless of configuration, is achieved by a combination of
protection features aimed at the different areas of leakage points. [2]
[Reference (for paragraphs 1 and 2 above): Security Controls for Computer Systems, Report of the
Defense Science Board Task Force on Computer Security, published for the Office of the Secretary of
Defense, edited by Willis H. Ware, R-609-1, reissued October 1979 by the Rand Corporation.]
3. Consider the information stored on your personal computer. For each of the terms listed, find an
example and document it: threat, threat agent, vulnerability, exposure, risk, attack, and exploit.
Threat – a computer virus that prohibits me from accessing my Microsoft Money financial software or
actually transmits the information contained within to unscrupulous elements.
Threat Agent – a hacker responsible for the computer virus or trojan that downloads it to my computer
by means of file-sharing or social-engineering techniques with the sole purpose of stealing my financial
information.
Vulnerability – this happens when my antivirus or security software is not updated automatically or
Windows updates are not done in time. It could provide an open door for a recently engineered
computer virus or malware that my outdated security software cannot detect or eliminate.
Exposure – there is a certain point when I accidentally turn off my firewall or antivirus software when I
am surfing the internet and then it has a very high chance of being exposed to malware. It could also
happen if I were to download software from peer-to-peer or torrent sites deemed to be unsafe.
Risk – an application or software that I downloaded on the web that is reported to be potentially unsafe
and untrusted but I still went ahead and downloaded it and ignored the warnings. I am gambling that
this software may or may not be harmful to my computer system.
Attack – when there is noticeably a very high rate of network, disk, and memory activity which
considerably slows my computer's performance to a standstill, but I was not really doing anything to
precipitate it, like having several resource-intensive applications open at the same time, then there is a
high rate of probability that I am being victimized by a hacker attack.
Exploit – the potentially unsafe application software that I downloaded earlier actually contains a
malware script that disables my antivirus and other security software and downloads a keylogger or
rootkit which in turn transmits my critical personal and financial data.