Section 8.8. Exercises


1. In what ways is denial of service (lack of availability for authorized users) a vulnerability to users of single-user personal computers?

2. Identify the three most probable threats to a personal computing system in an office with fewer than ten employees. That is, identify the three vulnerabilities most likely to be exploited. Estimate the number of times each vulnerability is exploited per year; justify your estimate.

3. Perform the analysis of Exercise 2 for a personal computing system located in a large research laboratory.

4. Perform the analysis of Exercise 2 for a personal computing system located in the library of a major university.

5. List three factors that should be considered when developing a security plan.

6. State a security requirement that is not realistic. State a security requirement that is not verifiable. State two security requirements that are inconsistent.

7. Investigate your university's or employer's security plan to determine whether its security requirements meet all the conditions listed in this chapter. List any that do not. When was the plan written? When was it last reviewed and updated?

8. Cite three controls that could have both positive and negative effects.

9. For an airline, what are its most important assets? What are the minimal computing resources it would need to continue business for a limited period (up to two days)? What other systems or processes could it use during the period of the disaster?

10. Answer Exercise 9 for a bank instead of an airline.

11. Answer Exercise 9 for an oil drilling company instead of an airline.

12. Answer Exercise 9 for a political campaign instead of an airline.

13. When is an incident over? That is, what factors influence whether to continue the work of the incident handling team or to disband it?

14. List five kinds of harm that could occur to your own personal computer. Estimate the likelihood of each, expressed in number of times per year (the number may be a fraction; for example, 1/2 means the harm could be expected to happen once every two years). Estimate the monetary loss that would occur from that harm. Compute the expected annual loss from these kinds of harm.

15. Cite a risk in computing for which it is impossible or infeasible to develop a classical probability of occurrence.

16. Investigate the computer security policy for your university or employer. Who wrote the policy? Who enforces the policy? Who does it cover? What resources does it cover?

17. List three different sources of water to a computing system, and state a control for each.

18. You discover that your computing system has been infected by a piece of malicious code. You have no idea when the infection occurred. You do have backups performed every week since the system was put into operation but, of course, there have been numerous changes to the system over time. How could you use the backups to construct a "clean" version of your system?




Security in Computing
Security in Computing, 4th Edition
ISBN: 0132390779
EAN: 2147483647
Year: 2006
Pages: 171
