Principles of Information Security (MindTap Course List)
6th Edition
ISBN: 9781337102063
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
expand_more
expand_more
format_list_bulleted
Concept explainers
Question
Chapter 2, Problem 1EDM
Program Plan Intro
The securing process of the confidential data in a system or an organization from the unauthorized users like hackers or attacker is known as information security.
Expert Solution & Answer
Trending nowThis is a popular solution!
Students have asked these similar questions
Charlie was just getting ready to head home when the phone rang. Caller ID showed it was Peter.
“Hi, Peter,” he said into the receiver. “Want me to start the file cracker on your spreadsheet?”
“No, thanks,” Peter answered, taking the joke well. “I remembered my passphrase. But I want to get your advice on what we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the value in using it for certain kinds of information, but I’m worried about forgetting a passphrase again or even worse, that someone else forgets a passphrase or leaves the company. How would we get their filesback?”
“We need to use a feature called key recovery, which is usually part of PKI software,” said Charlie. “Actually, if we invest in PKI software, we could solve that problem as well as several others.”
“OK,” said Peter. “Can you see me tomorrow at 10 o’clock to talk about this PKI solution and how we can make better use of encryption?”
(Case Study…
Suppose Charlie had installed key logger software on all company computer systems and had made a copy of Peter's encryption key. Suppose that Charlie had this done without policy authority and without anyone's knowledge, including Peter's.
Would the use of such a tool be an ethical violation on Charlie's part? Is it illegal?
Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on the company systems. Two days after Peter's call, Charlie calls back to give Peter his key: "We got lucky and cracked it early." Charlie says this to preserve Peter's illusion of privacy. Is such a "little white lie" an ethical action on Charlie's part?
One of the four methods of access control might be used in this scenario. What drew you to one above the rest?
Chapter 2 Solutions
Principles of Information Security (MindTap Course List)
Ch. 2 - Prob. 1RQCh. 2 - Prob. 2RQCh. 2 - Prob. 3RQCh. 2 - Prob. 4RQCh. 2 - Prob. 5RQCh. 2 - Prob. 6RQCh. 2 - Prob. 7RQCh. 2 - Prob. 8RQCh. 2 - Prob. 9RQCh. 2 - Prob. 10RQ
Ch. 2 - Prob. 11RQCh. 2 - Prob. 12RQCh. 2 - Prob. 13RQCh. 2 - Prob. 14RQCh. 2 - Prob. 15RQCh. 2 - Prob. 16RQCh. 2 - Prob. 17RQCh. 2 - Prob. 18RQCh. 2 - Prob. 19RQCh. 2 - Prob. 20RQCh. 2 - Prob. 1ECh. 2 - Prob. 2ECh. 2 - Prob. 3ECh. 2 - Prob. 4ECh. 2 - Prob. 5ECh. 2 - Prob. 1CEDQCh. 2 - Prob. 2CEDQCh. 2 - Prob. 3CEDQCh. 2 - Prob. 1EDM
Knowledge Booster
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.Similar questions
- You could find yourself in a discourse about security events involving access control or authentication at some point. To be more specific, how did it influence the day-to-day operations of the company? How much money does it seem like the company has thrown away?arrow_forwardWhat exactly do you mean when you say that "the aims of authentication" are important to consider? Think about the perks and drawbacks that come with using each method, and base your decision on how they compare to one another.arrow_forwardWhich of our aims would have the best shot of success if we were given authentication backing? We'll go out the pros and cons of some different authentication strategies below.arrow_forward
- Let's say there's a piece of software that, through the internet, allows a surgeon to do surgery on a patient who is physically located in another city. When the curtain has fallen, why would anybody want to keep going? What kind of carnage do they want to cause? Can you guess which of your weaknesses they will focus on attacking? Is it possible for damage to occur even if there is no hostile aggressor when such vulnerabilities exist?arrow_forwardThe issue of key distribution was one of the most fundamental issues that public key cryptography set out to resolve.Could you provide us with a brief summary?arrow_forwardRespond to the following in a minimum of 175 words: Discuss a cryptography attack scenario. Choose an attack and explain how it works. Be sure to choose one that hasn’t been mentioned by another classmate. What countermeasures would you apply? How do the countermeasures you would use compare to those your classmates recommended for the attacks they chose? What do those similarities or differences tell you about fighting these types of attacks?arrow_forward
- When you say "goals," what do you have in mind for this authentication procedure? Just what are the pros and cons of various authentication strategies?arrow_forwardFor the scenario below, Determine how each of the CIA principles that were violated or not. Also, specify how three access controls that you believe are pertinent to this case might have reduced risk. The CEO of a healthcare service company brought her wok computer in a restaurant to eat with her friends and in meantime catch up with some work. She sat down at the back and started working in the computer. When her friends came, they did not see her. She noticed them so, she decided to go to them since she saw that the restaurant was not busy. When she came back to her table with her friends, she noticed that her work computer was missing. In panic, she looked everywhere, talked to the staff but still couldn’t find it. Her computer was password protected but the hard drive was not encrypted. Also, she has access to the company's database of 20,000 medical records containing patient data.arrow_forwardSuppose, an organization is using RSA with modulus n and public exponent e. One day they are hacked, and their private key d becomes known to the attackers. Bob, the security consultant, suggests that instead of regenerating the new keys completely from the scratch, only the new exponents e’, d’ need to be re-computed, leaving the modulus n unchanged. Is this safe or not? Explain.arrow_forward
- create the confused deputy attack using an example program or using the cross-site request forgery on the web. You can use any language / environment / platform to create / reproduce the confused deputy problem. most preferrably python , it is a question from information security course.arrow_forwardTo complete this assignment, you will need to do some research and produce a report that addresses the following issues regarding digital fingerprinting: You should concentrate on the following issues: What exactly is Digital Fingerprinting, and why is it employed in the first place? What is the operation of the fingerprinting algorithm? Explain how it works on a fundamental level. To achieve the intended result—either blocking, deleting, or authorizing the use of content—a series of actions must be taken. Fingerprinting, according to several cybersecurity experts, is abusive and exposes users' privacy concerns. Some browsers have included specific methods to prevent browser fingerprinting from occurring. Describe the safeguards used by any of the browsers to protect themselves against fingerprinting. List two common Fingerprinting Algorithms that are used nowadays.arrow_forwardReview each scenario carefully and respond to each question as either (very ethical, ethical, neither ethical nor unethical, unethical, very unethical) and justify your choice. 3. A student found a loophole in the university computer’s security system that allowed him access to other students’ records. He told the system administrator about the loophole, but continued to access others’ records until the problem was corrected two weeks later. a.The student’s action in continuing to access others’ records for two weeks was:arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,