Salman bin Abdul-Aziz University
College Of Business Administration
DEPARTMENT OF MANAGEMENT INFORMATION SYSTEMS
MIS 430 – Information Security
Assignment 1
Student Name: ________
Student Number: ________
Due Date: 02-03-2013
Signature: ________
General Instructions

The assignment should clearly mention the student name and student number.

Please read all the questions carefully.

Answer all the questions.

Late submissions will be penalized 10 points per day.
1 DEPARTMENT OF MANAGEMENT INFORMATION SYSTEMS
Each Question Carries 2 Points
1. A(n) ________ is a threat characterized by a great amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and the possible corruption of, or collusion with, insiders.
2. Infrastructure whose loss would have a severe detrimental impact on the nation is called ________.
3. ________ is warfare conducted against the information and information processing equipment used by an adversary.
4. A ________ simply sends a “ping” to the target machine.
5. A(n) ________ is a threat that is generally short-term in nature, does not involve a large group of individuals, does not have a large financial backing, and does not generally include collusion with insiders.
6. ________ are the most technically competent individuals conducting intrusive activities on the Internet. They can not only exploit known vulnerabilities but are usually the ones responsible for finding those vulnerabilities.
7. A ________ helps identify which ports are open, thus giving an indication of which services may be running on the targeted machines.
8. ________ are individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software but who have just enough understanding of computer systems to be able to download and run scripts that others have developed.
9. A(n) ________ is a threat characterized by a much longer period of preparation, tremendous financial backing, and a large and organized group of attackers. It may include efforts to subvert insiders as well as plant individuals inside a potential target in advance of an attack.
10. In a ________ type of attack, an attempt is made to find and attack a site that has hardware or software that is vulnerable to a specific exploit.
11. ________ is the act of deliberately accessing computer systems and networks without authorization.
12. ________ are the most common problems/threats an organization faces.
13. ________ is a term used to describe a process in which each side of an electronic communication verifies the authenticity of the other.
14. The security principle used in the Bell-LaPadula security model that states that no subject can read from an object with a higher security classification is called ________.
15. ________ is the security rule used in the Bell-LaPadula security model that states that a subject can write to an object only if its security classification is less than or equal to the security level of the object.
16. An ________ states that data with a higher integrity level is believed to be more accurate or reliable than data of a lower integrity level.
17. ________ policy prevents subjects from writing to objects of a higher integrity level.
18. The principle in which a subject has only the necessary rights and privileges to perform its task, with no additional permissions, is called ________.
19. ________ is the principle in security whose goal is to ensure that data is only modified by individuals who are authorized to change it.
20. ________ is the process used to ensure that an individual is who they claim to be.
21. ________ is a method to establish the authenticity of specific objects such as an individual’s public key or downloaded software.
22. ________ is the most common form of authentication used.
23. The CIA of security includes ________, ________ and ________.
24. CHAP stands for ________.
25. ________ uses more than one method to verify authenticity.
26. ________ is the basis for authentication used in Kerberos.
27. ________ is described as the ability of a subject to interact with an object.
28. ________ means that all information systems and information are available when needed.
29. ________ means ensuring that only those individuals who have the authority to view a piece of information may do so.
30. ________ is ensuring that the data and the system are available for use when an authorized user wants them.
31. ________ means the ability to verify that a message has been sent and received and that the sender can be identified and verified.
32. ________ allows any subject to read any object without regard to integrity levels and without lowering the integrity levels.
Each Question carries 18 Points
Question 1: Please write short notes on the following
i. Hacking,
ii. Unstructured attacks,
iii. Structured attacks,
iv. Highly structured attacks,
v. Script kiddies,
vi. Sophisticated intruders and
vii. Elite hackers.
Question 2: Please write short notes on the following
i. Host security
ii. Network security
iii. Access controls
iv. Discretionary Access Control
v. Mandatory Access Control
vi. Role Based Access Control