CIS 462 – Midterm Exam
1. Define Confidentiality, Integrity, and Availability.
• Confidentiality – The ideal that information or technological access is given to users in the right amount; that is, users have enough privileges to do their job and no more. There can be different, ascending levels of secrecy, and typically upper levels gain access to levels below them.
• Integrity – The ideal of keeping data sources untampered with and trustworthy. Systems such as backups, shadow copies and the like help prevent accidental or willful deletions and changes. The goal of integrity systems is to prevent unauthorized users from accessing data, to prevent authorized users from performing potentially malicious actions, and to maintain data consistency.
• Availability – The ideal that data and resources are available to users at all times. This would include times of power loss, emergencies or natural disasters. System wear and tear is a concern as obsolete equipment is replaced and data is maintained. In addition, availability includes protection from hackers and their denial and damaging attacks.
2. Describe the major element of a policy.
A major element of a policy is the statement of purpose, or minimum requirements of a policy. It identifies at the lowest level the goals of a particular policy. It also identifies why the policy is being implemented and what problems it is trying to counteract.
3. Describe the method to assess and manage risk.
Risk analysis is performed as a part of risk management. This can be performed either quantitatively or qualitatively. In the former, statistics are produced quantifying loss expectancy and the probability of an event occurring. Threats and controls are weighed as well and a relationship between the two is finely tuned to avoid waste. In qualitative analysis, threats and vulnerabilities are identified. Once these are known