Question
1. What three things most an attacker have and why with reason?
2. Describe disparity between a vulnerability, threat, and control. Identify each and please provide example of each.
3. List three fundamental security properties and for each give an instance of a failure. When are you considered secure?
4. What profile characterizes a typical computer criminal and why with reason?
5. List three factors that have to be considered when developing a security plan and describe why.
6. Describe what are DACL and RBACL and how it works. When would you use one versus another?
7. What are the goals of an operating system and their support activities?
8. What are methods of defense and provide examples? How do you deal with the harm?
9. Explain the fundamental principles in both the Bell-LaPadula and Biba security models. For each, give details what sort of security the model is intended to offer, the two key properties of the model, and then explain in your own words why each of properties makes sense from a security standpoint.
10. What is dissimilarity between inference and aggregation? Give an instance of each, and describe at least one way to mitigate each type of vulnerability.
11. When do we say that an operating system is reliable?
12. Describe disparity between least privilege and separation of duty. Which one would you use to secure an Accounting system and why with reason?
13. When is use of qualitative risk analysis preferable to quantitative methods?