Look up “the paper that started the study of computer security.” Prepare a summary of the key points. What in this paper specifically addresses security in previously unexamined areas?
ANSWER:
The paper that started the study of computer security” refers to “Security Controls for Computer Systems” by Willis Ware, published in 1967. The paper highlights the need for security controls to protect computer systems from unauthorized access and misuse. It emphasizes the importance of access controls, audit trails, and user authentication mechanisms. One key aspect that addressed security in previously unexamined areas was the recognition of the potential threats posed by insider attacks and the need for safeguards against them. In this seminal paper, Ware outlines the need for security controls to protect computer systems from unauthorized access and misuse. Key points include:
1. Introduction of Security Controls: Ware emphasizes the importance of implementing security controls to safeguard computer systems, highlighting the vulnerabilities inherent in early computing technologies.
2. Access Controls: The paper discusses the necessity of access controls to restrict unauthorized users from accessing sensitive information or performing malicious actions on computer systems.
3. Audit Trails: Ware stresses the importance of maintaining audit trails to track user activities and detect any unauthorized or suspicious behavior.
4. User Authentication: The paper addresses the need for robust user authentication mechanisms to ensure that only authorized individuals can access the system.
5. Insider Threats: One specific area addressed in the paper is the recognition of insider threats, emphasizing the need for safeguards against unauthorized actions by individuals with legitimate access to the system.
Overall, “Security Controls for Computer Systems” laid the groundwork for the study of computer security by highlighting the vulnerabilities of early computer systems and proposing measures to mitigate security risks. It specifically addressed security in previously unexamined areas by acknowledging the threat posed by insider attacks and advocating for controls to mitigate this risk.
Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells and write a brief statement on how you would address the three components of each cell.
ANSWER:
The CNSS provides a comprehensive information security model applicable to your class. This incudes establishing clear educating on best practices, implementing access control, ensuring accountability, raising awareness employing testing and evaluating measures. By integrating these principles, your class can protect sensitive data and foster a culture of security awareness among student and staff.
Using the Web, identify the chief executive officer (CEO), chief information officer (CIO), chief information security officer (CISO), and systems administrator for your school. Which of these people represents the data owner? Which represents the data custodian?
ANSWER:
CEO (Chief Executive Office ) - This could be the principal or superintendent, responsible for overall leadership and decision making.
CIO (Chief Information Office) - responsible for managing technology infrastructure and systems.
CISO (Chief Information Security Office)- responsible for overseing information security practices and policies.
System Administrator - This person manages the Day-to-Day operation of the schools computer system, network, and software application.
Data Owner - The CEO typically represent the data owner. They ultimately have responsibility for the data within the school.
Data Custodian - The system administrator act as the custodian they manage and maintain the data system and infrastructure on behalf of the data owner.
Using the Web, find a large company or government agency that is familiar to you or located in your area. Try to find the name of the CEO, the CIO, and the CISO. Which was easiest to find? Which was hardest?
ANSWER:
IBM - is a global technology company that provides various AI solution, ARVIND KRISHNA is the CEO, MARK FOSTER is the CIO, and MARY O'BRIEN is the CISO.
Easiest to find: CEO. Hardest to find: CISO. CEOs of large companies are often public figures and their names are widely known and easily accessible. However, information about CISOs may be less readily available as they typically operate more behind the scenes in terms of public visibility.
Using the Web, find out more about Kevin Mitnick. What did he do? Who caught him? Write a short summary of his activities and explain why he is infamous.
ANSWER:
Kevin Mitnick is a famous hacker who gained notoriety in the 1980s and 1990s for a series of high profile criminals, Mitnick was known for his ability to by pass computer security system and gain unauthorized access to corporate and government networks. Mitnick most famous hack include: Pacific hell, Digital equipment corporation, Nokia and Motorata. Mitnick hacking activities made him one of the most cybercriminals in the would, and was eventually caught by the FBI in 1995. He was convicted of multiple count computer fraud and sentenced to five years in Prison. Mitnick activities were infamous because they demonstrated the potential of computer hacking and the need for stronger cybersecurity measures.