Ch. 1
1. A threat agent is the specific instance or a component of a threat, whereas a threat is a category of objects, persons, or other entities that presents a danger to an asset.

3. By ensuring the protection and continuity of utility services for an organization you prevent potential loss of productivity and revenue for that organization, as well as the prevention of possible breaches in security that may ensue if, for instance the power goes out and an alarm system or other remote monitoring system is disabled.
5. Confidentiality, Integrity, and Availability. These are used to determine the value and potential risk for information within an organization
7. Availability, accuracy, Authenticity, Confidentiality, Integrity, Utility and Possession. These are an expanded list of the characteristics of data that give it value to an organization and how it is used.
9. MULTICS
11. It is initiated by upper-level managers who issue policy, procedures, and expected outcomes, and determine accountability, it also has a higher probability of success.

13. Everyone from Upper management and IT, to the end user are involved whether through implementation and planning or compliance
15. Everyone, all employees at every level within an organization for the security of information within that organization
17. Initially the security of information was included in the category of computer security, which is the security of the physical computer, but as technology has advanced and the ability to access information remotely has become more prevalent and even commonplace it has required a more specialized field in order to secure the information itself.
19. The management of the organization itself. It is determined by the plan that the organization dictates

Ch. 2
2.Data is the most important because if lost can be irreplaceable, whereas other assets such as