CSE 4471 Exam 1 Information Security, Ohio State University-Main Campus: complete questions and correct detailed answers, verified answers
Information System Software, Hardware, Data, People, Procedure, Network
Information Security Protection of information and critical elements including use, storage, and transmission. Uses policy, awareness, training, education, and technology
Computer Key component in information system, subject or object of attack - can be on either side of the attack
Balance Between protection and availability. Level must allow access to authorized users, but protect against threats.
CIA Triangle Confidentiality, Integrity, Availability
History of Information Security Began with the first mainframes in WWII, with ARPA. Rand Report R-609 began study of safety of data, limiting unauthorized access, involvement of personnel from multiple levels of an organization
Access Ability to interact with resource, illegal or legal
Asset Specific resource of value
Attack Act, intentional or unintentional that may damage asset
Countermeasure Mechanism or policy intended to improve security
Exploit Technique used to compromise a system
Loss Instance of asset suffering damage
Threat Agent Person/system who uses exploit to instantiate threat
Vulnerability System weakness or fault that decreases security
Available Attribute which is accessible for use w/o obstruction
Accurate Attribute which is free from errors
Authentic Attribute which is genuine
Confidential Attribute which has access restrictions
Integrity Attribute which is complete and uncorrupted
Utility Attribute which has useful purpose
Possession Attribute which describes data ownership
CNSS Security Model Transmission, Storage, Processing; Confidentiality, Integrity, Availability; Education, Policy, Technology
Software Applications, OS, Utility. Difficult to secure, bugs can be exploited, created under time/cost constraints and security is usually an afterthought
Hardware Physical computational technology - often no guarantee of security if physical access to hardware is gained
Networks Physical communication technology - no guarantee if physical access is gained, miles of coverage, increased potential for access by unauthorized users
Data Stored, processed, or transmitted assets. Most valuable, wide variation of usage, approach is often haphazard, inconsistent, and solutions often impede access
Procedures Protection of written instruction and policy - often overlooked and loss thereof can result in loss
C-2 TCSEC Discretionary Access Control Grant/deny access to specific resources to users/groups
C-2 TCSEC Individual Authentication/Login User identification via unique password
C-2 TCSEC Object Reuse Memory and disk must not be readable after deletion