Review Questions
1.1 What is the OSI security architecture? Get 1.1 exercise solution
1.2 What is the difference between passive and active security threats? Get 1.2 exercise solution
1.3 List and briefly define categories of passive and active security attacks. Get 1.3 exercise solution
1.4 List and briefly define categories of security services. Get 1.4 exercise solution
1.5 List and briefly define categories of security mechanisms.
Get 1.5 exercise solution
Problems
1.1
Consider an automated teller machine (ATM) in which users provide a
personal identification number (PIN) and a card for account access. Give
examples of confidentiality, integrity, and availability requirements
associated with the system and, in each case, indicate the degree of
importance of the requirement. Get 1.1 exercise solution
1.2
Repeat Problem 1.1 for a telephone switching system that routes calls
through a switching network based on the telephone number requested by
the caller. Get 1.2 exercise solution
1.3
Consider a desktop publishing system used to produce documents for
various organizations. a. Give an example of a type of publication for
which confidentiality of the stored data is the most important
requirement. b. Give an example of a type of publication in which data
integrity is the most important requirement. c. Give an example in
which system availability is the most important requirement. Get 1.3 exercise solution
1.4
For each of the following assets, assign a low, moderate, or high
impact level for the loss of confidentiality, availability, and
integrity, respectively. Justify your answers. a. An organization
managing public information on its Web server. b. A law enforcement
organization managing extremely sensitive investigative information.
c. A financial organization managing routine administrative information
(not privacy-related information). d. An information system used for
large acquisitions in a contracting organization contains both
sensitive, pre-solicitation phase contract information and routine
administrative information. Assess the impact for the two data sets
separately and the information system as a whole. e. A power plant
contains a SCADA (supervisory control and data acquisition) system
controlling the distribution of electric power for a large military
installation. The SCADA system contains both real-time sensor data and
routine administrative information. Assess the impact for the two data
sets separately and the information system as a whole. Get 1.4 exercise solution
1.5 Draw a matrix similar to Table 1.4 that shows the relationship between security services and attacks. Get 1.5 exercise solution
1.6 Draw a matrix similar to Table 1.4 that shows the relationship between security mechanisms and attacks. Get 1.6 exercise solution
1.7
Read all of the classic papers cited in Section 1.7. Compose a 500–1000
word paper (or 8–12 slide PowerPoint presentation) that summarizes the
key concepts that emerge from these papers, emphasizing concepts that
are common to most or all of the papers.
Get 1.7 exercise solution
