CSE 4471 Midterm Exam: Information Security, Ohio State University-Main Campus (complete questions with correct, detailed, verified answers)
Information System Components: software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization

Security: The quality or state of being secure -- to be free from danger

Security Layers: Physical, personal, operations, communications, network, information
Investigation: Determine goals of the security project, scope, and define the project

Evolution: determine organizational feasibility; enumerate specific threat impacts; analyze potential legal issues; analyze risk evaluation and management; business continuity plan, incident response plan, disaster recovery plan

Design: implementation plan, component selection, success criteria

Implementation: build/buy components, integrate, educate user community

Testing: evaluate daily-use tools, feedback from users, simulated business disruption, simulated natural disaster, measure results vs success criteria
11/6/25, 8:23 PM CSE 4471 Midterm
Information Security: The protection of information and its critical elements, including systems that use, store, and transmit that information.

CIA: Confidentiality, Integrity, and Availability

IS Tools: policy, awareness, training, and technology

Security should be a balance between ____ and ____.: protection and availability

CNSS Model (McCumber Cube): x (Confidentiality, Integrity, Availability), y (Storage, Processing, Transmission), z (Policy, Education, Technology)
accuracy: describes how free of errors the data is
authenticity: describes how genuine the data is
availability: describes how accessible the data is
confidentiality: describes how data is protected from unauthorized access
integrity: describes the completeness and consistency of the data
possession: describes the legitimacy of the data's ownership
utility: describes the value or usefulness of the data

Rand Report R-609: IS was conceptually defined by this paper; it started computer security

access: the ability to interact with a resource, legitimately or otherwise
asset: a specific resource of value
attack: an act, intentional or not, that may damage an asset
countermeasure: a specific mechanism or policy intended to improve security
exploit: a technique used to compromise an information system
loss: an instance of an information asset suffering damage
threat: an object, person, or other entity which represents a danger to assets
threat agent: a person or system who uses exploits to instantiate threats
vulnerability: a system weakness or fault which decreases security
C-2 Security: discretionary access control, individual authentication, object reuse, audit trails, resource isolation, private files
discretionary access control: must be possible to grant/deny access to specific resources to named users or groups of users

individual authentication: user must identify themselves in a unique manner

object reuse: memory and disk must not be readable after delete

audit trails: auditable actions must be associated with a user; access to audit data must be limited to admins

resource isolation: systems protected from external modification of the running operating system or stored system files

private files: security-related events accessible only by the systems admin, but the sys admin cannot read other users' files
Security Development Life-cycle (SDLC): evolution -> analyze -> design -> implementation -> testing