Security policies, standards, and guidelines


Question 1: Describe and differentiate between security policies, standards, and guidelines. Which of these three is more important to you and why?

Question 2: Define, describe, and provide an example for one of these terms: vulnerability, threat, and risk. How do you manage risk?

From The Art of Software Security Assessment by Dowd, McDonald and Schuh (Google Books, 2006):

"In the context of software security, vulnerabilities are specific flaws or oversights in a piece of software that allow attackers to do something malicious, expose or alter sensitive information, disrupt or destroy a system, or take control of a computer system or program."

Question 3: Read about authentication here, https://flylib.com/books/en/4.283.1.12/1/. Three types of authentication are: 1) something you know, 2) something you have, and 3) something you are. Define authentication and provide an example. Which type(s) of authentication do you prefer? Explain why. What are the relationships between information security principle(s) (confidentiality, integrity, and availability) and authentication?

Question 4: Read the chapter on Public Key Infrastructure (PKI) here, https://flylib.com/books/en/3.41.1.110/1/. Discuss one of the following:

Explain how public key infrastructure works. Provide an example of how to obtain a server certificate.
