


1. Define the following terms (24 points)
   - Vulnerability
   - Exploit
   - Physical Security
   - Controls
   - Risk Analysis
   - Risk Impact
   - Risk Exposure
   - Risk Leverage
   - ALE
   - SLE
   - ARO
   - Return on security investment (ROSI)
2. List the three ways security controls can mitigate harm to a system. (3 pts)
3. What is a security policy? (5 pts)
4. What are the three strategies for reducing risk? (3 pts)
5. What are the three steps in the security process? Provide details regarding and descriptions of each step. (10 pts – 5 pts for listing the steps, 5 pts for descriptions)
6. What are the three primary factors which affect the value of an asset to an organization? (10 pts)
7. Describe how the UNIX password is created. What is the primary weakness of this system? (10 pts)
8. Describe the weaknesses of a quantitative risk assessment. (5 pts)
9. Describe the Bell-LaPadula and the Biba information security models. How are they different? (10 pts)
10. How does the Kerberos authentication system work? What is one of the primary attacks that Kerberos is susceptible to? (10 pts)
11. Given the following scenario, conduct a qualitative risk assessment on the situation and provide the answers to the following questions (10 pts total)

    Scenario: You are the CIO of a small Internet Service Provider. You provide connections to customers consisting of the following: 40 full T-1s, 20 sub-rate DS-3s and 8 full DS-3s. Your connection to the Internet from this location is through an OC-192 uplink to a larger provider. All of your traffic traverses the OC-192 to the larger provider. A backhoe working in the local area of your network operations center has just cut the OC-192 connection, cutting off your Washington, D.C. customers from the Internet. Your Service Level Agreement (SLA) with your customers requires you to provide credit to your customers' accounts on a 1 to 1 basis (i.e. 1 day of credit for every day of an outage) if an outage lasts more than 6 hours. The outage is expected to last 48 hours.

    The following table provides you with information regarding your income stream from your Washington, D.C. connections as well as other relevant information.

    | Asset | Value |
    |---|---|
    | T-1 Connections | $10/day |
    | Sub-rate DS-3 Connections | $17.50/day |
    | DS-3 Connections | $25/day |
    | OC-192 Connection | $250/day |

    a. Calculate the asset value of your Washington, D.C. connections based on revenue only. (2 pts)
    b. If the exposure factor (EF) is .005, what is the single loss expectancy (SLE)? (2 pts)
    c. If the annual risk of occurrence (ARO) is 0.25 (once in 4 years), what is the annual loss expectancy (ALE)? (4 pts)
    d. The control for this threat is to place signs near the OC-192 connection to warn construction crews of the connection's existence. The cost for this control is $500. This will reduce the ARO to 0.1 (once in 10 years). Calculate the ALE after the controls. (4 pts)
    e. If the annual cost of the control is $50 (permitting fee for the signs), calculate the Return on Security Investment (ROSI). (2 pts) (Hint: ROSI is calculated by dividing your reduction in risk exposure due to the control by the cost of the countermeasures.) (4 pts)
    f. Calculate the risk leverage. (4 pts)
