Adrian Leal

Shin-Ping Tucker

ITS 370

Chapter 12


1.       Search the Web for the Forum of Incident Response and Security Teams (FIRST). In your own words, what is the forumís mission?

The Forum of Incident Response and Security Teams (FIRST) is an international consortium of computer incident response and security teams who work together to handle computer security incidents and to promote preventive activities. The mission of FIRST ( is to provide its members with technical information and tools, methods, assistance, and guidance. It also coordinates proactive liaison activities and analytical support. FIRST encourages the development of quality products and services and works to improve national and international information security for government, private industry, academia and the individual. The forum also enhances the image and status of the incident response and security teams (IRST) community in the outside world.


2.       Search the Web for two or more sites that discuss the ongoing responsibilities of the security manager. What other components of security management can be adapted for use in the security manager model?

Solstice Enterprise Manager Application Development Guide


HP Open View Performance Insight Courses: Student Pre-course Study Guide

Raise your organizationís cyber security preparedness, and to propel your people and their potential. Organizations receiving Education Services lower their risks, increase their return on technology investment and best achieve business outcomes.


The ISO network management model addresses management and operation through five topics:

         Fault management. †

         Configuration and name management.

         †Accounting management.

         Performance management.

         Security management.

†A major component of the network management that can be adapted to the security management model is a firewall that serves dual role to keep external intrusion from entering an organizations internal data for the confidential, integrity and availability.


3.       This chapter lists five tools that can be used by security administrators, network administrators, and attackers alike. Search the Web for three to five other tools that fit this description.

Automated tools known as log analyzers can consolidate systems logs, perform comparative analysis, and detect common occurrences or behavior that is of interest. A risk assessmentís identification of the systemic or latent vulnerabilities that introduce risk to the organization can provide the opportunity to create a proposal for an information security project. When used as part of a complete risk management maintenance process, the RA can be a powerful and flexible tool that helps identify and document risk and remediate the underlying vulnerabilities that expose the organization to risks of loss. The platform security validation (PSV) process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization. The wireless vulnerability assessment process is designed to find and document the vulnerabilities that may be present in the wireless local area networks of the organization. The modem vulnerability assessment process is designed to find and document any vulnerability that is present on dial-up modems connected to the organizationís networks.


4.       Using a Web browser and the names of the tools you found in Exercise 3, find a site that claims to be dedicated to supporting hackers. Do you find any references to other hacker tools? If you do, create a list of the tools along with a short description of what they do and how they work.

SoldierX: Around the 1970's, the term "hacking" meant any deep interest in computers that manifested itself in programming or learning arcane aspects of the machinery or operating systems. By the early 1980's, this meaning morphed into a general term of fear to describe anyone who did anything even remotely evil using computer equipment. The people who considered themselves non-malicious "Hackers" decried this bastardization of the term they took with pride, and the new name "cracker" arrived, years after that name applied to people who removed copy protection from home video games. By the late 80's to early 90's, no one cared too much, except for the people who care about everything too much.

Hackthissite: Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.


5.       Using the components of risk assessment documentation presented in the chapter, draft a tentative risk assessment of a lab, department, or office at your university. Outline the critical risks you found and discuss them with your class.

The RA is a method of identifying and documenting the risk that a project, process, or action introduces to the organization and may also involve offering suggestions for controls that can reduce that risk. The information security group is in the business of coordinating the preparation of many different types of RA documents, including: Network connectivity RA: Used to respond to network change requests and network architectural design proposals. May be part of or support a business partnerís RA. Dialed modem RA: Used when a dial-up connection is requested for a system.

Business partner RA: Used when a proposal for connectivity with business partners is being evaluated. Application RA: Used at various stages in the life cycle of a business application. Content depends on the projectís position in the life cycle when the RA is prepared.