Fundamentals of Cybersecurity
Assignment Questions With Complete
Verified Solutions.
the three characteristics of information security that make it impossible to buyoff the shelf information
security solutions - Answer 1. The collection of influences to which each organisation is exposed varies
with the organisation: the information technology that it uses, its personnel, the area in which it does
business, its physical location - all these have an effect on information security.
2. Information security affects every structural and behavioural aspect of an organisation: a gap in a
security fence can permit information to be stolen; a virally infected computer connected to an
organisation's network can destroy information; a cup of coffee spilt on a computer keyboard can
prevent access to information.
3. Each individual that interacts with an organisation in any way - from the potential customer browsing
the website, to the managing director; from the malicious hacker, to the information security manager -
will make his or her own positive or negative contribution to the information security of the
organisation.
information - Answer the meanings and interpretations that people place upon facts, or data
the two important characteristics of information that determine its value to an organization - Answer 1.
the scarcity of the information outside the organisation
2. the shareability of the information within the organisation, or some part of it.
these characteristics state that information is only valuable if it provides advantage or utility to those
who have it, compared with those who don't.
information security management - Answer the process by which the value of each of an organisation's
information assets is assessed and, if appropriate, protected on an ongoing basis
,information assurance - Answer the methods for managing the risks of information assets
Information assurance practitioners - Answer people who seek to protect the confidentiality, integrity,
and availability of data and their delivery systems, whether the data are in storage, processing, or transit,
and whether threatened by malice or accident
FISMA - Answer an act which imposes processes that must be followed by information systems used by
US government
You must follow Federal Information Processing Standards (FIPS) issued by NIST (National Institute of
Standards & Technology)
CIO responsibilities - Answer 1. Monitoring the reliability of cyber-security.
2. Robustness of cyber-crime protection
3. Up-time availability of network services
4. Installation of trusted backup capabilities
5. Designs for systems redundancy.
6. Capacity for recovery from extreme failures
FISMA requirements - Answer Security controls must be incorporated into systems
Systems must meet the security requirements of NIST 800-53
Security controls must contain the management, operational, and technical safeguards or
countermeasures
,The controls must be documented in this security plan.
technical safeguards - Answer these are like a bailout procedure when something inevitably goes
wrong with the computer system.
Homeland Security Presiential Directive HSPD - 12 - Answer Defines the Federal standard for secure
and reliable forms of identification
Executive departments and agencies shall have a program to ensure that identification meets the
standard
Executive departments and agencies shall identify information systems that are important for security.
Designated Approving Authority (DAA) - Answer Official with the authority to formally assume
responsibility for operating a system at an acceptable level of risk.
encryption policy - Answer unclassified data on mobile computing devices and removable storage
media shall be encrypted
Encryption is achieved by means of the trusted platform module (TPM) It is a microcontroller that can
organize and store secured information.
TPM offers facilities for secure generation of cryptographic keys.
TPM - Answer a microcontroller that stores keys, passwords, and digital certificates. It is affixed to the
motherboard. Silicon ensures that the information stored is made secure from external software attack
and physical theft.
Security processes, such as digital signature and key exchange are protected
Critical applications such as secure email, secure web access, and local protection of data are assured.
, Information Assurance Certification and Accreditation Program (DIACAP) - Answer Title III of the E-
Government Act, Federal Information Security Management Act (FISMA), requires Federal departments
and agencies to develop, document, and implement an organization-wide program to provide
information assurance. DIACAP ensures DoD Certification and Accreditation (C&A) is consistent with
FISMA, DoDD 8500.1 and DoDI 8500.2
The DIACAP is a central component of GIG IA C&A Strategy. DIACAP satisfies the need for a dynamic C&A
process for the GIG and net-centric applications.
Internet Advantage - Answer Any properly configured computer can act as a host for a personal web-
page
Any of several hundred million other computers can view that personal web page
Any of several hundred million other computers can connect to another computer capable of delivering
an information processing service.
problems with nets and servers - Answer capacity limitations for peak loads, congestion in access to
data sources, excessive delays for global access, expensive to scale capacity for growth, problem not in
bandwidth, but mostly in switching, depends on reliability and capacity of ISP peers to forward data to
the destination, conflicting economic interests among peers can inhibit growth and performance
Implications of Smart Attackers - Answer Viruses are sufficiently smart to learn about defenses and
reconfigure attacks accordingly.
Static defenses will not work anymore
Vulnerability is in software and almost none in hardware
Networks must have the capability to actively intercept and neutralize the attackers
Protection must move from devices (clients) and servers to the network.
Assignment Questions With Complete
Verified Solutions.
the three characteristics of information security that make it impossible to buyoff the shelf information
security solutions - Answer 1. The collection of influences to which each organisation is exposed varies
with the organisation: the information technology that it uses, its personnel, the area in which it does
business, its physical location - all these have an effect on information security.
2. Information security affects every structural and behavioural aspect of an organisation: a gap in a
security fence can permit information to be stolen; a virally infected computer connected to an
organisation's network can destroy information; a cup of coffee spilt on a computer keyboard can
prevent access to information.
3. Each individual that interacts with an organisation in any way - from the potential customer browsing
the website, to the managing director; from the malicious hacker, to the information security manager -
will make his or her own positive or negative contribution to the information security of the
organisation.
information - Answer the meanings and interpretations that people place upon facts, or data
the two important characteristics of information that determine its value to an organization - Answer 1.
the scarcity of the information outside the organisation
2. the shareability of the information within the organisation, or some part of it.
these characteristics state that information is only valuable if it provides advantage or utility to those
who have it, compared with those who don't.
information security management - Answer the process by which the value of each of an organisation's
information assets is assessed and, if appropriate, protected on an ongoing basis
,information assurance - Answer the methods for managing the risks of information assets
Information assurance practitioners - Answer people who seek to protect the confidentiality, integrity,
and availability of data and their delivery systems, whether the data are in storage, processing, or transit,
and whether threatened by malice or accident
FISMA - Answer an act which imposes processes that must be followed by information systems used by
US government
You must follow Federal Information Processing Standards (FIPS) issued by NIST (National Institute of
Standards & Technology)
CIO responsibilities - Answer 1. Monitoring the reliability of cyber-security.
2. Robustness of cyber-crime protection
3. Up-time availability of network services
4. Installation of trusted backup capabilities
5. Designs for systems redundancy.
6. Capacity for recovery from extreme failures
FISMA requirements - Answer Security controls must be incorporated into systems
Systems must meet the security requirements of NIST 800-53
Security controls must contain the management, operational, and technical safeguards or
countermeasures
,The controls must be documented in this security plan.
technical safeguards - Answer these are like a bailout procedure when something inevitably goes
wrong with the computer system.
Homeland Security Presiential Directive HSPD - 12 - Answer Defines the Federal standard for secure
and reliable forms of identification
Executive departments and agencies shall have a program to ensure that identification meets the
standard
Executive departments and agencies shall identify information systems that are important for security.
Designated Approving Authority (DAA) - Answer Official with the authority to formally assume
responsibility for operating a system at an acceptable level of risk.
encryption policy - Answer unclassified data on mobile computing devices and removable storage
media shall be encrypted
Encryption is achieved by means of the trusted platform module (TPM) It is a microcontroller that can
organize and store secured information.
TPM offers facilities for secure generation of cryptographic keys.
TPM - Answer a microcontroller that stores keys, passwords, and digital certificates. It is affixed to the
motherboard. Silicon ensures that the information stored is made secure from external software attack
and physical theft.
Security processes, such as digital signature and key exchange are protected
Critical applications such as secure email, secure web access, and local protection of data are assured.
, Information Assurance Certification and Accreditation Program (DIACAP) - Answer Title III of the E-
Government Act, Federal Information Security Management Act (FISMA), requires Federal departments
and agencies to develop, document, and implement an organization-wide program to provide
information assurance. DIACAP ensures DoD Certification and Accreditation (C&A) is consistent with
FISMA, DoDD 8500.1 and DoDI 8500.2
The DIACAP is a central component of GIG IA C&A Strategy. DIACAP satisfies the need for a dynamic C&A
process for the GIG and net-centric applications.
Internet Advantage - Answer Any properly configured computer can act as a host for a personal web-
page
Any of several hundred million other computers can view that personal web page
Any of several hundred million other computers can connect to another computer capable of delivering
an information processing service.
problems with nets and servers - Answer capacity limitations for peak loads, congestion in access to
data sources, excessive delays for global access, expensive to scale capacity for growth, problem not in
bandwidth, but mostly in switching, depends on reliability and capacity of ISP peers to forward data to
the destination, conflicting economic interests among peers can inhibit growth and performance
Implications of Smart Attackers - Answer Viruses are sufficiently smart to learn about defenses and
reconfigure attacks accordingly.
Static defenses will not work anymore
Vulnerability is in software and almost none in hardware
Networks must have the capability to actively intercept and neutralize the attackers
Protection must move from devices (clients) and servers to the network.
