Describe principles in bell-lapadula and biba security model

Assignment Help Computer Network Security
Reference no: EM131094289

Foundations of Information Security Exam

Part 1: Very Short Answers

1. T F Biometrics authentication systems can be subject to the following attacks: Replay, spoofing and false matching attacks. Answer: ____

2. __________ is/are the foundation of most access controls to ensure CIA (Select one).

a. Confidentiality and integrity
b. Authentication validating one's claimed identity
c. Monitoring and auditing
d. System isolation

3. T F A hash algorithm uses a one-way cryptographic function, whereas both secret-key and public-key systems use two-way (i.e., reversible) cryptographic functions. Answer: ____

4. T F 3DES (Triple DES) requires the use of three independent keys. Answer: _____

5. T F AES uses the Rijndael algorithm. Answer: _____

6. T F Encrypting a message with the sender's private key ensures proof of receipt of a message. Answer: _____

7. T F Two purpose of using a salt value in storing (hashed) passwords is to prevent password duplication and thwart guessing whether a user has the same password on multiple systems. Answer: _____

8. T F In Role-Based Access Control Systems, a user is assigned no more than one role to limit the damage a user can do.Answer: _____

9. If person A uses AES to transmit an encrypted message to person B, which key or keys will A have to use:

a. A's private key
b. A's public key
c. B's private key
d. B's public key
e. None of the keys listed above

10. Which one of the following is not a goal of cryptographic systems?

a. Nonrepudiation
b. Confidentiality
c. Availability
d. Integrity

Part 2: Short Answers. Please answer briefly and completely, and cite all sources of information. Please restrict your answer for each question to three fourth (3/4) of a page (double spaced) or less.

1. Explain multi-factor (multiple means of) authentication of a user and give two examples for each authentication factor.

2. Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.

3. Define the principle of defense in depth. Give two examples of how the principle might be applied: one describing security measures across multiple layers of security architecture, and another describing security measures within a single layer.

4. Alan and Beatrice are both users of PKI. Explain how they use their keys to communicate when Alan sends a private message to Beatrice, and provides proof that he sent the message.

5. Compare and contrast Mandatory Access Control and Discretionary Access Control. How well are they supported in various well-known (common) operating systems?

Part 3: Short Essay. Please restrict your answer to three pages (double spaced) or less.

Global Corporation, Inc. (GCI) is a fictional multi-national company providing outsourced financial services to a variety of clients across many industries, including commercial and government entities. GCI specializes in billing and invoicing services, in which GCI receives relevant data from its clients and stores the data in a central database server and processes the data to produce the invoices, monthly statements, and other billing items that are sent to GCI's clients' customers. GCI employees serve the company's customers both on-site at customer locations and while working in GCI facilities. GCI employees routinely store data related to multiple clients on their company-issued laptops and flash drives.

GCI's Chief Information Officer, having read of the numerous data breaches reported among commercial and government organizations, has become concerned about the risk to GCI's customers and potentially the company's reputation if GCI were to experience a similar breach. She has tasked you, the Director of Information Security, to create a new corporate policy regarding the protection of client and company confidential data stored on employee computers, particularly laptops and flash drives. Respond to each of the following, taking into account material we have studied in this course regarding threats and vulnerabilities, as well as Stallings and Brown (Chapter 14.2) discussion of the characteristics of effective security policies. Cite these and other pertinent sources used in your answer. Be specific but fully explain and give reasons for your answers.

1. Summarize the primary vulnerabilities and potential threats that exist for GCI related to the practice of storing sensitive data on laptops. In your opinion, which of the risks GCI faces are most significant to the company?

2. What measures would you propose to senior management to try to prevent a breach of data held by GCI? Your response should include recommendations for mitigating vulnerabilities identified in part (a).

3. Write a succinct policy statement specifying employee and company responsibilities for protecting client and corporate data, such as the data stored on employee laptops and flash drive. Be sure to address requirements for protecting the data from theft, and for rendering the data unusable should it be compromised. In your Policy, focus on these items:

• Scope and purpose including business, legal, regulatory requirements

• Security requirements (Confidentiality and integrity of customer and enterprise data, availability, authentication and authorization and auditing requirements if any)

• Assignment of responsibilities

• Security awareness and training

• Any legal sanctions/penalty for non-compliance by employees

• How and when policy reviewed and updated

• Timeframe for implementation of security requirements

Reference no: EM131094289

Questions Cloud

Define the random variable under consideration : If 1,000 of these tax returns are randomly selected, what is the approximate probability that between 110 and 140, inclusive, were prepared by H&R Block? Justify the use of the approximation you use, and make sure to define the random variable und..
Difference between a breach of condition and warranty : Siti agrees to sell her land to Ali on payment of RM10,000.00. Later on, she found out from the land office that her land is worth about RM100,000.00. She then disagrees to transfer the land to Ali. What is the legal issue here? Can Ali take actio..
What proportion of homes had a gas : Assume that the gas bills follow a normal distribution, and let X be a random variable for the gas bill amount of a randomly selected Fredericton home.
The concept of time value of money : The concept of time value of money is one of the most important topics in finance you will need to be familiar with as a financial manager. It is the basis of how all assets are valued.
Describe principles in bell-lapadula and biba security model : Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model.
In what ways does leadership influence culture : Case Study - The Enron Story. How can what happened at Enron be explained by some of the theories of leadership that you have looked at? In what ways does leadership influence culture
Parts supplier hypothesis test : Suppose that the parts supplier's hypothesis test is based on a sample of n = 100 diameters and that σ equals .023. If the parts supplier sets α = .05, calculate the probability of a Type II error for each of the following alternative values of µ:..
How do you think you are paying for this free services : Research the web on what each of these three companies are doing in their respective markets, who are their major competitors, what laws currently regulate their space, and how each company is trying to deal with the rules and regulations in their..
Find examples of statistical inference in the media : This project asks you to find examples of statistical inference in the media. You are asked tofind one article in the popular press where a test is described and the result is statistically significant, and one article in the popular press where a..

Reviews

Write a Review

 

Computer Network Security Questions & Answers

  Case study - asymmetric and symmetric encryption

Case Study - Asymmetric and Symmetric Encryption, ABC Institute of Research has sensitive information that needs to be protected from its rivals. The Institute has collaborated with XYZ Inc. to research genetics

  The network administrator to protect the network against

over the past several years the chief executive officer of your company has read articles on internet control message

  Cracking password management protocols

Identify and describe any obstacles, and explain your solutions for them. Given the access policy, evaluate whether or not Extensible Access Control Markup Language (XACML) could be used to express the contextual attributes.

  Design a new public key encryption scheme

Design a new public key encryption scheme - de ne and then show the correctness of the new scheme II.

  Relationship between technical or it staff

Determine what your relationship would be like with the technical or IT staff at your corporation if you were working side by side on a project or training exercise?

  Critically evaluate the security risk management framework

Critically evaluate the Security Risk Management framework and/or policy in light of other Security Risk Management frameworks

  Describe possible liability issues

Describe regulatory requirements and describe possible liability issues that may be related to these cyberattacks. How should cyber policy controls be adjusted for each organization to reduce vulnerabilities and prevent disruption or theft due to ..

  How security can be configured and provide configuration

Describe how the security can be configured, and provide configuration examples (such as screen-shots and configuration files). Marks are based on demonstrating technical detail and understanding, and choice of examples.

  What rc4 key value will completely invert s

What RC4 key value will completely invert S after the initial permutation (so that S[0] = 255, S[1] = 254, ..., S[254] = 1, S[255] = 0)?  Show your work. (Explain how you got this.)

  What descriptive labels might apply to this type of threat

What descriptive labels might apply to this type of threat/incident? What sort of people would go after this information? Why would they want it

  Describe what is your domain or area of research

Describe what is your domain or area of research, start from general then focus on the area of research - describe the significant/important of your research, why you need to solve this problem?

  Design and implementation of a security approach

use Microsoft Powerpoint to create your slides for a 15-minute presentation. It`s about Computer Hacking the same subject that you wrote in the report. You are going to take the same information that you wrote in the report and make it as slides.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd