Explain how that characteristic may be exploited

Reference no: EM13129779

1. You have been hired by a bank to help them harden their online banking service against phishing attacks. Explain briefly the strengths and weaknesses of the following four possible countermeasures:

(a) SSL/TLS client certificates issued to each customer.
(b) A handheld password calculator issued to each customer.
(c) Displaying a unique picture to each customer during the login process.
(d) Requiring that large payments, or payments to new recipients, be authorised by telephone or SMS as well as online.

In answering those questions you may need to explain how those countermeasures would be used.

2. Answer the following questions in the context of a food-court.
(a) List the objects present.
(b) List the groups of subjects present and show how they are related.
(c) State the actions available.
(d) Give a reasonable description of the access control for this system.
(e) Describe a specific human characteristic that might be considered a vulnerability in this system. This question should be answered first.

i. Explain how that characteristic may be exploited by an attacker for some specified reason.

ii. Explain how that characteristic may lead to accidental damage.

3. Consider that I have an asset worth $1000. There are two independent threats. The first occurs with probability 0.10 and would reduce the value of the asset to $200, while the second occurs with probability 0.02 and would completely destroy the asset. Both could occur.

What would be the threshold value at which buying insurance would be "worthwhile for both parties"? Be sure to show working.

4. For the following information, draw up an ALE table and make a recommendation on the basis of it: Let Ei, 1 <= i <= 10, be the events that could cause damage. Let the respective frequencies of the events be {1.6, 4, 0.3, 2, 140, 0.04, 0.5, 1, 0.001, 2}, and the respective costs per event be {3, 6, 30, 3, 0.3, 600, 37, 45, 1500, 0.2}.

5. Consider that the number of people N willing to buy cars at a given price P varies according to the function N = 5000 - 2P.

Note that, for example, a person willing to buy a car at a price of $200 will also be willing to buy a car at $100 and will be included under both. This is not a function of the number of persons with the price returned as the most they will pay.

(a) Provide a graph of N vs P, in an appropriate range, with N on the x axis and P on the y axis. Be sure to appropriately label the intercepts.

(b) Assume we have a competitive marketplace with a total of 200 cars for sale. How much money will be spent on purchasing cars? Justify your answer.

(c) Now assume we instead have a monopoly. You still have 200 cars for sale. You are only allowed to sell cars at four different prices and you must sell fifty cars at each price. What is the most you can make from car sales? Justify your answer.

6. What purpose might fault injection serve in the context of bicycle assembly? Describe how you might use it in such a setting.

7. Consider that you have a fingerprint database containing the fingerprints of every person living in Singapore. To simplify the calculations we will assume there are 5,500,000 people in Singapore. Suppose the false acceptance rate, or false match rate, is 1/1000.

(a) How many false matches will occur when 10,000 suspicious fingerprints are compared with the entire database? Justify your answer.

(b) For any individual suspect fingerprint, what is the chance of at least one false match? Justify your answer.

8. Give two distinct examples of the role trust plays in security engineering. Refer to the components of Anderson's framework in your answer.

9. Describe how top-down and bottom-up methods of threat/fault analysis can be used in identifying assets relevant to a scenario. You do not need to be exhaustive but do enough of the analysis to demonstrate you understand the processes. You can choose an appropriate scenario that wasn't looked at in the lectures or tutorials.

10. Complete the following ALE table. Explain what each row/column represents, and indicate units for entries. Explain what actions this specific table suggests we should take.

A 20,000 0.01 answer
B 18,000 0.5 answer
C 3,000 answer 1,000
D 550 answer 1,100
E 25 4 answer
F 10 answer answer

11. For the scenario "Sending a paper letter", describe which of the following properties would be appropriate. Justify your answers and give examples as appropriate: Confidentiality, Integrity, Availability, Authenticity, Anonymity, Non-repudiability, Accountability, Freshness.
