SECURITY IN COMPUTING: COMPUTER SECURITY, SOFTWARE ASSURANCE, HARDWARE ASSURANCE, & SECURITY MANAGEMENT
1. What three things most an attacker have and why?
2. Explain the difference between a vulnerability, threat, and control. Define each and please provide example of each.
3. List the three fundamental security properties and for each give an example of a failure. When are you considered secure?
4. What profile characterizes a typical computer criminal and why?
5. List three factors that should be considered when developing a security plan and describe why.
6. Describe what is DACL and RBACL and how it works. When would you use one versus another?
7. What are the goals of an operating system and their support activities?
8. What are the methods of defense and provide examples? How do you deal with the harm?
9. Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.
10. What is the difference between inference and aggregation? Give an example of each, and describe at least one way to mitigate each type of vulnerability.
11. When do we say that an operating system is trusted?
12. Describe the difference between least privilege and separation of duty. Which one would you use to secure an Accounting system and why?
13. When is the use of qualitative risk analysis preferable to quantitative methods?