WEEK 2 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).
1. Not all information has the same importance and value to a company. How data is classified is an important factor used in determining the amounts of funding and resources that should be applied to protecting each type of data. Describe the data classification levels within commercial and military organizations and provide examples of the types of information that would be classified at each classification level.
2. It takes a team of individuals throughout the organization working together to safeguard the integrity and confidentiality of data resources. Describe the layers of responsibility within an organization when it comes to asset security and data protection. For each role, discuss its responsibility within the organization for asset security.
3. The architecture of a computer system is very important and comprises many topics. The system must ensure that memory is properly segregated and protected, ensure that only authorized subjects access objects, ensure that untrusted processes cannot perform activities that would put other processes at risk, control the flow of information, and define a domain of resources for each subject. It also must ensure that if the computer experiences any type of disruption, it will not result in an insecure state. Many of these issues are dealt with in the system’s security policy, and the security mode is built to support the requirements of this policy. Explain the concept of a trusted computing base and describe how it is used to enforce the system’s security policy. Provide examples of specific elements (hardware, software or firmware) in the architecture of the computer system that could be used to provide security within the TCB.
WEEK 3 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).
1. Cryptographic algorithms provide the underlying tools for most security protocols used in today’s infrastructures. The choice of algorithm type depends on the goal that you are trying to accomplish, such as encryption or data integrity. These algorithms fall into two main categories: symmetric key and asymmetric key cryptography. In this essay, please discuss the strengths and weaknesses of symmetric key cryptography and give an example of where this type of cryptography is used. Then discuss the strengths and weaknesses of asymmetric key cryptography and give an example of where this type of cryptography is used.
2. Cryptography has been used in one form or another for over 4000 years, and attacks on cryptography have been occurring since its inception. The people attempting to break the code could be malicious in their intent or could just be trying to identify weaknesses in the security so that improvements can be made. In your essay response, define cryptanalysis and describe some of the common cryptanalytic techniques used in attacks.
3. Many people overlook the importance of physical security when addressing security concerns of the organization. Complex cryptography methods, stringent access control lists, and vigilant intrusion detection/prevention software will be rendered useless if an attacker gains physical access to your data center. Site and facility security planning is as important as the technical controls that you implement when minimizing the access a criminal will have to your assets. In your essay response, define CPTED and describe how following the CPTED discipline can provide a more aesthetic alternative to classic target hardening approaches. Make sure that the three CPTED strategies are covered in your response.