Name:

Institution:

Course:

Tutor:

Date:

Q1). Name the 5 Principles of Information Assurance.

The five principles of information assurance include Confidentiality, integrity, non-repudiation, availability of information as well as authentication.

Q2). Briefly describe each of the five principles named above in question #1.

Firstly, data integrity is an information assurance principle that ensures the accuracy of information being conveyed. Such information should therefore be free from incorrect changes that may be intentionally or otherwise effected. Confidentiality of information on the other hand requires that the information being conveyed through a communication channel be available only to the authorized parties in the system. No outsider should get access to the information. Thirdly, Authenticity of information is a fundamental security measure that requires genuineness of parties in the communication system, transaction process as well as the documents used. Availability of information is another information assurance principle that ensures data or systems are available when needed. Finally, non-repudiation is an information assurance principle requiring all the parties in a communication system to honor the contract (Denning et al, 2).

Q3). Information Assurance involves many areas, identify five.

Information assurance covers a variety of information security areas including security of network, security of the operation systems, detection of intrusion, information sharing as well as storage security among other security measures.

Q4). Define information security.

Generally, in formation security involves the protection of data against unauthorized access. According to McDonald (94) information security entails the technical and administrative measures as well as techniques and concepts adopted to protect data from unauthorized use, acquisition, manipulation or damage, disclosure, modification or loss of such information assets (Denning et al, 1).

Q5). When was the Internet ‘born?’

Internet was established as ARPANET on the twenty first day of November in 1969. ARPANET thereafter grew to the internet.

Q6).What was the original purpose of the Internet?

The original; purpose of the internet was to maintain communication and exchange of raw data especially in times of war.

Q7). What is TCP/IP?

TCP refers to the transmission control protocol (TCP) and internet protocols (IP) are standards and procedures used in the internet and are meant to connect different networks. They are the basic language of the internet

Q8). What do you call a program that spreads itself by altering other programs to include a copy of itself?

It is referred to as Virus.

Q9). What is a Trojan Horse?

Trojan Horse is a malicious program that may masquerade as a different trusted program.

Q10). How does a worm spread? Provide a real-world example.

Computer worm is a self-replicating malicious program that sends copies of itself to the other end of the computer network. Worm does not require an attachment program but instead replicates and sends copies of itself to the nodes of the other computer in the network given the security lapse in the targeted computer. For instance, a malicious e-mail that promises free access to sex movies has been reported across networks in the recent past. It gains access to one’s computer without your intervention.

Q11). Describe a blended attack.

When the characteristics of viruses are merged with those of the computer worms then a blended attack is reported. In such situation, the malicious program may require an attachment program so as to enhance its spread as seen in a virus or may spread through self-replication followed by sending of its copies to other computers as seen in worms.

Q12). What are strong/complex passwords and why are they important?

Strong passwords are those that have at least six characters that are arranged in a random manner and constitutes of upper and lower cases as well as numbers and special characters. Moreover, the password should not be a dictionary word. The aforementioned conditions are meant to protect the information that would be accessed using such password.

Q13). What is Biometrics? Give an example of usage.

Biometrics is a computer security concept referring to authentication methods that rely on measurable physical features that can be verified automatically. Biometrics may be used in e-commerce transactions where verification of identity through fingerprinting may be required.

Q14). What is the purpose of a Firewall?

The main purpose of a firewall is to control traffic from both inside and outside a specified network.

Q15). What is a key purpose for a business security policy?

A business security policy has the important role of providing awareness as well as legal protection to all the parties the business.

Q16). There are many types of security threats. List three.

The types of security threats include: Identity theft, malicious acts such as online fraud as well as hacking.

Q17). According to many surveys, what is the greatest security risk?

The greatest security risk involves internal cyber attacks which are soaring day by day in many parts of the world.

Q18). What is the generally accepted difference between cracking and hacking?

Hacking involves the use of one’s proficiency in computer programming to pursue certain goals without violating any legal rules. Cracking on the other hand involves the use of such knowledge of computer systems to realize personal gains such as stealing of data or getting access to bank accounts (Denning et al, 2).

Q19). What is a denial of service (DoS) attack?

Denial of service attack is any malicious act that disrupts the normal service within a network.

Q20). In your opinion what is the biggest security threat today and what can be done about it?

Cyber attacks pose greatest threat to the security than any other issue. In order to avert such crimes, both the federal government as well as business ventures should adopt a strong and flexible defense mechanism against such vice. Moreover, organizations should not only attract highly qualified employees but also develop skills through internal training so as to curb the vice. More importantly, a comprehensive training on computer forensics as well as early crime detection system should be established and improved given the consistent changes in technologies.

Work cited:

Denning et al. Internet Besieged – Countering Cyberspace Scofflaws. 1998. ACM Press.