Assignment
Instructions
• Take this test during the week.Work alone. You may not confer with other class members, or anyone else, directly or by e-mail or otherwise, regarding the questions, issues or your answers. You may use your notes, textbooks, other published materials, and the Internet. Avoid using blogs and dotcom sites.
• It is scored on the basis of 100 points for the test (25% of the total grade).
• When composing your answers, be thorough. The more complete your answer, the higher your score will be. Be sure to identify any assumptions you are making in developing your answers, and describe how your answer would change if the assumptions were different. For multiple choice questions if you think there are two correct answers choose the best oneand justify your answer with reference. Please do not reproduce or just rearrange the words in the question as an anwer, but try to give some deeper logical . Use the spell check and other methods of writing correct and good English. [It will help me too to improve my English]
• While composing your answers, especially for the conclusionsor the facts please support your answers, carefully cite your sources. If citing books include page numbers. I expect you to first get the answers from the OER, session notes and then other sources. If you are citing lessons, cite as (Session n). The session lectures are not developed 100% by me, so please avoid citing me as the author. Remember, failure to cite sources constitutes an academic integrity violation.
• Use APA format (so far I have not penalized. But I expect you to follow it for the final)
• Your answers should be in a Microsoft Word document; uploaded into the assignments folder. If you use some other word processor, please make sure the numbering remains the same. I will return files in format other than Word, i.e. if I cannot open them in one try. I may also check your part III answers with Turnitin. Do not forget the mandatory self-certification (Failure to include the certificate may affect your grade adversely).
• Please submit questions regarding the exam to your instructor at [email protected] . If questions submitted via email are generic, I will post them in LEO
• Please be sure to put your name in the header on every page including page #'s. Replace "Last Name" with your last name and so on.
• You will be getting an absolute grade out of 100 for this test. However, the final course grade will depend on the relative performance of the class.
• Name your file " LastnamefirstnameINFA640 Final" I have very little time to grade and submit final grades.So if you can please submit on time. Of course if you have difficulties please let me know. I will try to accommodate.
Part I
Q1-10, choose best one, Please provide of your choice in a few sentences, in your own wordsand/or s not choosing the other choices. Restating the problem in your own words does not constitute as the . Sometimes defining the terms may give you a clue to the .
1. What piece of legislation allows computer records documenting criminal activity to be used in court?
a. National Infrastructure Protection Act
b. Federal Computer Documents Rule 703(a)
c. Digital Signature Bill
d. Federal Rules of Evidence 803(6)
2. How should you NOT report computer crime?
a. telephone
b. e-mail
c. tell management in person
d. tell the IT department in person
3. What is most often overlooked when planning for information security?
a. firewalls
b. education
c. virus scans
d. electronic surveillance
4. Which of the following is NOT a for the difficulties in prosecutions of computer-related crimes?
a. The area of litigation is extremely technical and difficult to understand.
b. Most of the crimes do not fall under any of the current laws
c. The laws themselves are relatively new and untested.
d. The technology is very dynamic and the tactics of the perpetrators are constantly changing.
5. What is authentication?
a. the act of binding an entity to a representation of identity
b. the act of ensuring that information is being sent securely
c. the act of ensuring that the receiver of information actually received it
d. the act of binding a computer system to a network
6. What is not considered the misuse of information?
a. the untimely release of secret information
b. the deletion of information from a system
c. the illegal sale of information to rival companies
d. the misrepresentation of information
7. How does a client machine find the web address associated with a particular URL?
e. It uses translation software in the interpreter.
a. It sends a message to the nearest domain name server.
b. It uses hashing to translate the address.
c. It sends a message to the URL server.
8. What does the first field of a cookie contain?
a. chocolate chips
b. encryption algorithm
c. public key for the site
d. name of the issuing site
9. Which security solution is best for protecting the information system connected to the Internet?
a. virus scanning software
b. encryption
c. biometric authentication
d. firewalls
10. A(n) ___________ accomplishes many of the same goals as a firewall, but is more limited in scope.
a. proxy server
b. screening router
c. IDS
d. ICQ
Part II
Q1-3
Q.1 For a public-key encryption system, list s,
1) in favor of
2) and against
for using the same key pair for the encryption and the digital signature
Q.2 Describe "inference controls"
Give s why theyare needed.
And give specific examples(at least 3), and
Describe how the inference controlsare implemented; how they serve the purpose(effective) in a database.
Q.3 Describe the "crypto dilemma."
Suggest 3 waysto address the "crypto dilemma."
State the pros and cons of each way.
Part 3: Essay Question. Maximum length: 900 words.
An enterprising group of entrepreneurs is starting a new data storage and retrieval business, SecureStore, Inc. For a fee, the new company will accept digitalized data (text and images, multimedia), and store it on hard drives until needed by the customer. Customer data will be transmitted to and from SecureStore over the Internet. SecureStore guarantees that the confidentiality and integrity of the datawill be maintained.
SecureStore also envisions certain information assurance requirements for their internal operations. Company employees will need to exchange confidential email, and will need a mechanism for verifying the integrity and originator of some email messages. Also, SecureStore intends a daily backup of all customer data to a remote facility via a leased line. They wish to do so as economically as possible, while ensuring the data's confidentiality and integrity.
SecureStore is interviewing candidates for the position of Chief Information Officer (CIO). They are asking candidates to describe briefly how they would satisfy SecureStore's requirements as stated above. How would a successful candidate respond?
First,list the requirementsgleanedfrom the above statements; once you have them then please address each requirement in a separate paragraph. Keep in mind that this business will be operating in the real world, which means please pay attention to economics.