1. Look up “the paper that started the study of computer security.” Prepare a summary of the key points. What in this paper specifically addresses security in previously unexamined areas?
· The wide use of computers in military and defense installations has long necessitated the application of security rules and regulations. A basic principle underlying the security of computer systems has traditionally been that of isolation: simply removing the entire system to a physical environment in which penetrability is acceptably minimized. The increasing use of systems in which some equipment components, such as user access terminals, are widely spread geographically has introduced new complexities and issues. These problems are not amenable to solution through the elementary safeguard of physical isolation.
· There are several ways in which a computer system can be physically and operationally organized to serve its users. The security controls will depend on the configuration and the sensitivity of the data processed in the system. The following discussion presents two ways of viewing the physical and operational configurations:
o Equipment Arrangement and Disposition
o User Capabilities
    - File-query systems
    - Interpretive systems
    - Compiler systems
    - Full programming systems
· Computer systems bring together a series of vulnerabilities. There are human vulnerabilities throughout; individual acts can accidentally or deliberately jeopardize the system's information protection capabilities. Hardware vulnerabilities are shared among the computer, the communication facilities, and the remote units and consoles. There are software vulnerabilities at all levels of the machine operating system and supporting software; and there are vulnerabilities in the organization of the protection system. The design of a secure system must provide protection against the various types of vulnerabilities. These fall into three major categories: accidental disclosures, deliberate penetrations, and physical attack.
· The system designer must be aware of the points of vulnerability, which may be thought of as leakage points, and he must provide adequate mechanisms to counteract both accidental and deliberate events. The specific leakage points touched upon in the foregoing discussion can be classified in five groups: physical surroundings, hardware, software, communication links, and organizational.
· The system should be flexible, responsive, auditable, reliable, manageable, adaptable, and dependable.
2. Using the Web, identify the chief information officer (CIO), chief information security officer (CISO), and systems administration for your school. Which of these people represents the data owner? Which represents the data custodian?
The CIO is Tom Janicki.
The CISO position is vacant at UWS. Robert Turner is the CISO at UW-Madison.
The System Administrator is Ross Eaton.
3. Using the Web, find a large company or government agency that is familiar to you or located in your area. Try to find the name of the chief executive officer (CEO), the CIO, and the CISO. Which was easiest to find? Which was the hardest?
The company I have chosen is Apple.
The CEO is Tim Cook (easiest to find).
The CIO is Niall O’Connor.
The CISO is George Stathakopoulos (hardest to find).
4. Using the Web, find out more about Kevin Mitnick. What did he do? Who caught him? Write a short summary of his activities and explain why he is infamous.
He is an American computer security consultant, author, and hacker, best known for his high-profile 1995 arrest and subsequent five years in prison for various computer and communications-related crimes. Kevin Mitnick was once on the FBI's Most Wanted list because he hacked into 40 major corporations just for the challenge. Kevin is now a trusted security consultant to the Fortune 500 and to governments worldwide. Kevin mentors leaders, executives, and staff on both the theory and practice of social engineering. Kevin also helps consumers, from students to retirees, learn how to protect their information and themselves from harm. He is the CEO of Mitnick Security Consulting.
5. Using the Web, explore the technique known as “iterative and incremental development.” Then, investigate “agile development.” How are they related?
An iterative process is one that makes progress through successive refinement. A development team takes a first cut at a system, knowing it is incomplete or weak in some (perhaps many) areas. The team then iteratively refines those areas until the product is satisfactory. With each iteration, the software is improved through the addition of greater detail.
An incremental process is one in which software is built and delivered in pieces. Each piece, or increment, represents a complete subset of functionality. The increment may be either small or large, perhaps ranging from just a system’s login screen on the small end, to a highly flexible set of data management screens.
Each increment is fully coded and tested, and the common expectation is that the work of an increment will not need to be revisited. An incremental sculptor would pick one part of her work and focus entirely on it until it is finished. She may select small increments (first the nose, then the eyes, then the mouth, and so on) or large increments (head, torso, legs, and then arms). However, regardless of the increment size, the incremental sculptor would attempt to finish the work of that increment as completely as possible.