
SEC 571 Final Exam questions and answers

1. (TCO A) List and assess at least three kinds of damage a company could suffer when the integrity of a program or company data are compromised. (A description of damage, not a definition of data integrity, is required.) (Points : 40)

2. (TCO B) Suppose you have a high capacity network connection coming into your home, and you also have a wireless network access point. Also, suppose you do not use the full capacity of your network connection. List and assess four reasons why you might still want to prevent an outsider obtaining free network access by intruding into your wireless network. (Points : 40)

- Exposure of your personal information such as bank account information, passwords that are saved onto the computer and any credit card information that may be saved on the computer.
- Potential for modification of your data. If someone hacks into your network, then they could place viruses and other malware onto it.
- Potential flooding of your network, limiting your own access. If a person gets onto your network and uses your server, that would lag on your end while being online at the same time as the person who hacked into your system.
- Potential for illegal activities being attributed to your account. For example, if another person hacks into your network and uses this for illegal activities, child pornographic material, stealing others' information, all of which may hold the person liable where the IP address originates.

3. (TCO C) Wkh dqvzhu wr wklv txhvwlrq lv hdvb. What is the plaintext? What cipher was used? Assess whether this would be good for today's security programs. If not, what would be good to use and why? (Points : 40)

4. (TCO D) You have been asked to give a presentation to a law school class on digital crime. After the presentation, a student asks why so few people are actually prosecuted for computer crime when these crimes seem to be happening all the time. Give a five-point outline of your response to this question. Assess the impact on preventing crimes from your perspective given these issues. (Points : 40)

The four authentication policies are Encryption, Firewalls, Host-Based Authentication, and Constrained User Interfaces. The four authentication policies that cannot be controlled by technology are fingerprint, iris, voice pattern, and face. These four are strictly based off the physical person.

Technical Controls - Computer Security Resource Center. (n.d.). http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0CD4QFjAC&url=http%3A%2F%2Fcsrc.nist.gov%2Fgroups%2FSMA%2Ffasp%2Fdocuments%2Fpolicy_procedure%2Ftechnical-controls-policy.doc&ei=n41JVM72F63LsASOq4C4DQ&usg=AFQjCNEasUaSjwGdz

5. (TCO E) Name four authentication policies that can be enforced using technology and four authentication policies that cannot be enforced using technology. Discuss the reasons why the second four policies can't be enforced using technology and how managers could attempt to assure compliance. (Points : 40)

6. (TCO F) In the U.S., laws are enforced by police agencies and the courts. What are ethics and who enforces them? (Points : 40)

"An ethic is an objectively defined standard of right and wrong. Ethical standards are often idealistic principles because they focus on one objective."

Where laws are written documents that are used by the judicial system, and used by everyone, ethics are how people determine things and how morally they should act upon situations. So there really is no one person As opposed to laws that are described by formal written documents, and interpreted and enforced by police agencies and courts and which are universally applicable to everyone, ethics are described by unwritten principles of what is the good and fair thing to do, and can be interpreted and enforced by each individual person. Hence there is no system that enforces ethics, but just principles that guide people, who would apply and enforce it on their own to do what is expected from a fair thinking individual.

7. (TCO G) Which of the following statements is true? (Points : 20)

- Hardware is best protected by copyright.
- Web content is best protected by a patent.
- Uniform resource locators are best protected by a trademark.
- Firmware code is best protected by copyright.
- Operating systems are best protected by a patent.

8. (TCO H) Some IT department policies are designed to prevent behaviors by IT staff. While some depend upon the employee voluntarily complying with the policy (for example: do not reveal technical information to outside parties), others are enforced technically (for example, authentication required for system access). What is an example of a policy that technically enforces ethical behavior by IT staff? Provide policy wording for your example. (Points : 40)

“Employees are expected to use the internet and/or e-mail for official purposes only. For any employee that doesn't adhere to the policies set, appropriate action will be taken, to include possible termination.”