02_Solutions

Subject/Unit Code: ISIT201, Semester Three 2013

University or Institution: University of...

Word Count: 4027

Principles of Information Security, 4th Edition
Chapter 2

Review Questions

1. Why is information security a management problem? What can management do that technology cannot?

Both general management and IT management are responsible for implementing information security to protect the ability of the organization to function. Decision-makers in organizations must set policy and operate their organization in a manner that complies with the complex, shifting political legislation on the use of technology. Management is responsible for informed policy choices and the enforcement of decisions that affect applications and the IT infrastructures that support them. Management can also implement an effective information security program to protect the integrity and value of the organization's data.

2. Why is data the most important asset an organization possesses? What other assets in the organization require protection?

Data is important in the organization because without it an organization will lose its record of transactions and/or its ability to deliver value to its customers. Since any business, educational institution, or government agency that functions within the modern social context of connected and responsive service relies on information systems to support these services, protecting data in motion and data at rest are both critical. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets.

3. Which management groups are responsible for implementing information security to protect the organization's ability to function?

Both general management and IT management are responsible for implementing information security that protects the organization's ability to function. Although many business and government managers shy away from addressing information security because they perceive it to be a technically complex task, in fact, implementing information security has more to do with management than with technology. Just as managing payroll has more to do with management than with mathematical wage computations, managing information security has more to do with policy and its enforcement than with the technology of its implementation.

4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?

Networking is usually considered to have created more risk for businesses that use information technology. This is due to the fact that potential attackers have more and readier access to these information systems when they have been networked, especially if they are interconnected to the Internet.

5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.

When an attacker is able to control access to an asset, it can be held hostage to the attacker's demands. For example, if an attacker is able to gain access to a set of data in a database and then encrypt that data, they may extort money or other value from the owner in order to share the encryption key so that the data can be used by the owner.

6. Why do employees constitute one of the greatest threats to information security?

Employees are the greatest threats since they are the closest to the organizational data and will have access by nature of their assignments. They are the ones who use it in everyday activities, and employee mistakes represent a very serious threat to the confidentiality, integrity, and availability of data. Employee mistakes can easily lead to the revelation of classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas, and failure to protect information.

7. What measures can individuals take to protect against shoulder surfing?

The best way for an individual to avoid shoulder surfing is to avoid, as far as possible, the accessing of confidential information when another person is present. The individual should limit the number of times he/she accesses confidential data, and do it only when he/she is sure that nobody can observe them. One should be constantly aware of who is around when accessing sensitive information.

8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?

The classic perception of the hacker is frequently glamorized in fictional accounts as someone who stealthily manipulates their way through a maze of computer networks, systems, and data to find the information that resolves the dilemma posed in the plot and saves the day. However, in reality, a hacker frequently spends long hours examining the types and structures of the targeted systems because he or she has to use skill, guile, or fraud to attempt to bypass the controls placed around information that is the property of someone else.

The perception of a hacker has evolved over the years. The traditional hacker profile was male, age 13-18, with limited parental supervision who spent all his free time at the computer. The current profile of a hacker is a male or female, age 12-60, with varying technical skill levels, and can be internal or external to the organization. Today there are both expert hackers and unskilled hackers. The expert hackers create the software and schemes to attack computer systems while the novice hackers are the ones who merely utilize the software created by the expert hacker.

9. What is the difference between a skilled hacker and an unskilled hacker (other than the lack of skill)? How does protection against each differ?

An expert hacker is one who develops software scripts and codes to exploit relatively unknown vulnerabilities. The expert hacker is usually a master of several programming languages, networking protocols, and operating systems. An unskilled hacker is one who uses scripts and code developed by skilled hackers. They rarely create or write their own hacks, and are often relatively unskilled in programming languages, networking protocols, and operating systems.

Protecting against an expert hacker is much more difficult, due in part to the fact that most of the time the expert hacker is using new, undocumented attack code. This makes it almost impossible to guard against these attacks at first. Conversely, an unskilled hacker generally uses hacking tools that have been made publicly available. Therefore, protection against these hacks can be maintained by staying up-to-date on the latest patches and being aware of hacking tools that have been published by expert hackers.

10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?

Common types of malware are viruses, worms, Trojan horses, logic bombs, and back doors. Computer viruses are segments of code that induce other programs to perform actions. Worms are malicious programs that replicate themselves constantly without requiring another program to provide a safe environment for replication. Once a trusting user executes a Trojan horse program it will unleash viruses or worms to the local workstation and the network as a whole.

11. Why does polymorphism cause greater concern than traditional malware? How does it affect detection?

Polymorphism causes greater concern because it makes malicious code more difficult to detect. The code changes over time, which means commonly used anti-virus software, which uses preconfigured signatures for detection, will be unable to detect the newly changed attack. This makes polymorphic threats harder to protect against.

12. What is the most common form of violation of intellectual property? How does an organization protect against it? What agencies fight it?

The most common violations involve the unlawful use or duplication of software-based intellectual property known as software piracy. Some organizations have used such security measures as digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media. Also, most companies file patents, trademarks or copyrights which can allow a company to legally pursue a violator. Another effort to combat piracy is the online registration process. During installation, software users are asked or even required to register their software to obtain technical support, or the use of all features. There are two major organizations that investigate allegations of software abuse: Software and Information Industry Association (SIIA) and the Business Software Alliance (BSA).

13. What are the various types of force majeure? Which type is of greatest concern to an organization in Las Vegas? Oklahoma City? Miami? Los Angeles?

Force majeure refers to forces of nature or acts of God that pose a risk, not only to the lives of individuals, but also to information security. Force majeure includes fire, flood, earthquake, lightning, landslide or mudslide, tornado or severe windstorm, hurricane or typhoon, tsunami, electrostatic discharge (ESD), and/or dust contamination.

A major concern to an organization in Las Vegas might be dust contamination. Tornado is a concern for Oklahoma City, OK. Miami, FL would be most concerned with hurricanes or tsunamis. Earthquakes, mudslides, wildfires and riots would be of concern to LA.

14. How does technology obsolescence constitute a threat to information security? How can an organization protect against it?

Technological obsolescence is a security threat caused by management's potential lack of planning and failure to anticipate the technology needed for evolving business requirements. Technological obsolescence occurs when the infrastructure becomes outdated, which leads to unreliable and untrustworthy systems. As a result, there is a risk of loss of data integrity from attacks.

One of the best ways to prevent this is through proper planning by management. Once discovered, outdated technologies must be replaced. Information Technology personnel must help management identify probable obsolescence so that any necessary replacement (or upgrade) of technologies can be done in a timely fashion.

15. Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?

Yes, the IP of an organization may be its highest value asset. Attackers can threaten its value by reducing or removing its availability to the owner or stealing and then selling copies of the asset, thus causing a loss in the economic value of the assets.

16. What are the types of password attacks? What can a systems administrator do to protect against them?

The types of password attacks include Password Crack, Brute Force, and Dictionary:

- Password crack: Attempting to reverse calculate the password is called cracking. Cracking is used when a copy of the Security Account Manager data file can be obtained. A possible password is taken from the SAM file and run through the hashing algorithm in an attempt to guess the password.
- Brute Force: The application of computing and network resources to try every possible combination of options for a password.
- Dictionary: A form of brute force for guessing passwords. The dictionary attack selects specific accounts and uses a list of commonly used passwords with which to guess.

To protect against password attacks, security administrators can:

- Implement controls that limit the number of attempts allowed.
- Use a disallow list of passwords from a similar dictionary.
- Require use of additional numbers and special characters in passwords.

17. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is potentially more dangerous and devastating? Why?

A denial-of-service attack occurs when an attacker sends a large number of connection or information requests to a target. A distributed denial-of-service attack occurs when a coordinated stream of requests is launched against a target from many locations at the same time.

A distributed denial-of-service attack is potentially more dangerous and devastating. In most DDoS attacks, numerous machines are first compromised and used as zombies to carry out the denial-of-service attack against a single target. DDoS attacks are most difficult to defend against, and there are currently no controls any single organization can apply.

18. For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?

The attacker must first gain access to a network to install the sniffer. Social engineering offers the best way for an attacker to gain access to a network to install a physical sniffer device. By convincing an unwitting employee to instruct the attacker as to the whereabouts of the networking equipment, the installation of the sniffer can be accomplished.

19. What method does a social engineering hacker use to gain information about a user's login and password? How would this method differ if it were targeted towards an administrator's assistant versus a data-entry clerk?

Social engineering is the process of using social skills to obtain access credentials or other valuable information. Role-playing can do this, where the attacker represents himself or herself as someone of authority requesting information. This may also be accomplished by installing bogus software on user machines that will gather access information, or by using deception to act on the conscience of users.

Tactics change based on the target. A data-entry clerk could likely be swayed just by mentioning the name of the CEO and describing his anger at not getting the requested information promptly. Conversely, someone higher up the chain of command, who perhaps even works directly with those in power, would require more convincing proof. This could be anything from a few additional details regarding a particular project or something as precise as an authorization password or document.

20. What is a buffer overflow and how is it used against a web server?

A buffer overflow occurs when more data is sent to a buffer than it can handle. It can be caused over a network when there is a mismatch in the processing rates between the two entities involved in the communication process.

Exercises

1. Consider the statement: an individual threat, like a hacker, can be represented in more than one threat category. If a hacker hacks into a network, copies a few files, defaces the Web page, and steals credit card numbers, how many different threat categories does this attack cover?

- Deliberate acts are the main threat category for this type of attack because the hacker is deliberately trying to cause harm. Different sub-categories that this attack could fall under are deliberate acts of espionage or trespass, deliberate acts of sabotage or vandalism, and deliberate acts of theft.
- Compromises to intellectual property: copying of files, defacing the web page, and stealing credit card numbers.
- Technical failures. For instance, if part of the organization's software has an unknown trap door then this type of hacker attack could occur.
- Management failure. This hacker attack could happen if management were to have a lack of sufficient planning and foresight to anticipate the technology needed for evolving business requirements.

2. Using the web, determine what was the extent of Mafiaboy's exploits. How many sites did he compromise and how? How was he caught?

Mafiaboy's exploits consisted of a series of DDoS (Distributed Denial of Service) attacks on 11 corporate networks. The attacks caused, according to investigators, approximately 1.7 billion dollars in loss for these companies but there is dispute regarding the accuracy of that figure. The attacks caused some of these companies' websites and networks to be difficult to reach. In some cases, they crashed completely, remaining offline from mere hours to as long as several days.

Since the attacks were so large, it prompted the authorities to investigate. Authorities found that someone by the name of Mafiaboy was bragging about the attacks on websites, message boards and even on his own site. In addition to this, the authorities were able to associate an IP address to the attacks, which in turn linked to the ISP, and then, with the ISP's help, they linked the IP address to an account whose phone numbers linked to Mafiaboy's father's number.

Alternate Answer

One example of a novice using pre-coded exploits was that of Mafiaboy, a teen that launched distributed denial-of-service attacks against several high profile websites. Mafiaboy's denial-of-service attacks brought down many of the Internet's largest sites. The tools used for these attacks are widely available on the Internet and require little computer knowledge to use, being simple enough for use by script kiddies. Mafiaboy simply ran a computer script that clogged networks full of garbage data. He was deemed an unskilled attacker because of a number of indicators, primarily that he failed to take basic steps to cover his tracks, such as erasing logs. A series of computer taps led to Mafiaboy's arrest. Nonetheless, his skill deficit did not stop him from successfully shutting down a number of prominent websites.

Mafiaboy gained illegal access to 75 computers in 52 different networks and planted a DoS tool on them which he then activated and used to attack 11 Internet sites by sending up to 10,700 phony information requests in 10 seconds. Amazon.com, Yahoo!, Buy.com, CNN.com as well as more than 1,200 other sites CNN hosts worldwide, Dell.com and eBay are among the sites Mafiaboy was able to cripple.

The cost to these companies is estimated to be in the millions, perhaps even billions, of dollars. For example, for a company whose only storefront is web-based, this type of attack can be a disaster, as it is estimated that thousands of dollars of revenue is lost per hour of nonoperation. Because Amazon.com's website was inaccessible for more than a day, it is estimated they lost several million dollars. Buy.com and Yahoo! offered more concrete numbers; each company lost a million dollars every four hours that their networks were inaccessible.

References:
1. DoS Attacks Cripple Yahoo, CNN, Amazon and Buy.com. Irish News. February 9, 2001. http://www.iol.ie/~kooltek/dosattacks.html
2. One year after DoS attacks, vulnerabilities remain. February 8, 2001. http://www.cnn.com/2001/TECH/internet/02/08/ddos.anniversary.idg/index.html#2

3. Search the Web for "The Official Phreaker's Manual." What information contained in this manual can help a security administrator to protect a communications system?

Phone phreaking is the act of using mischievous and mostly illegal methods in order to avoid having to pay for some sort of telecommunications invoice, order, transfer, or other service. It often involves usage of highly illegal boxes and machines in order to defeat the security that is set up to avoid this sort of tactic. This security includes blocking networks. A blocking network is a network that, under certain conditions, may be unable to form a transmission path from one end of the network to the other. In general, all networks used within the Bell Systems are of the blocking type.

A security administrator could benefit from studying "The Official Phreaker's Manual" as it could allow them to better protect their communications system. From the system administrator's point of view, this information would prove useful due to the fact that it provides many common ways of finding loop-holes and alternate ways around different communications system security measures. Equipped with this information, a system administrator would be aware of and could utilize different approaches in implementing a more extensive security program.

4. The chapter discussed many threats and vulnerabilities to information security. Using the Web, find at least two other sources of information on threat and vulnerabilities. Begin with www.securityfocus.com, using a keyword search on threats.

- http://csrc.ncsl.nist.gov/ - This site has details about new security standards that should be adopted by organizations and the reasons for the security standards ranging from cryptology to network security.
- http://icat.nist.gov/icat.cfm - This site is a searchable index of information on computer vulnerabilities.
- http://security1.gartner.com/section.php.id.19.s.1.jsp - This site has a number of articles with information security concerns for various industry experts on a wide variety of issues especially in the corporate world.
- http://www.cerias.purdue.edu/
- http://www.cert.org/stats
- http://www.fedcirc.gov/ - Information on reported threats.
- http://www.gocsi.com
- http://www.idc.com
- http://www.infomaticsonline.co.uk
- http://www.iss.net/security_center/
- http://www.microsoft.com/security/ - Microsoft's listing of important announcements for security and privacy
- http://www.riptech.com
- http://www.securityfocus.com/ - Securityfocus.com lists threats, vulnerabilities, and advisories
- http://www.siliconvalley.com
- http://www.symantec.com/avcenter/ - This site has information on the latest viruses and security advisories.
- http://www.theregister.co.uk/content/55/index.html - The Register's listing of the latest threats
- http://www.theregus.com - This site has information on any new information about the technology industry including breaches of security of various companies' information systems.
- http://www.washtimes.com
- http://zdreviews.search.com
- https://www.security-survey.gov.uk

5. Using the categories of threats mentioned here, as well as the various attacks described, review several newspapers and locate examples of each.

- Potential acts of human error or failure - http://www.nwfusion.com/columnists/2001/00379820.html
- Compromises to intellectual property - http://www.wired.com/news/politics/0,1283,54681,00.html
- Deliberate acts of espionage or trespass - http://www.washtimes.com/upi-breaking/24052002-081209-7018r.htm
- Deliberate acts of information extortion - http://www.newsfactor.com/perl/story/17940.html
- Deliberate acts of sabotage or vandalism - http://www.computertimes.com/jun01security.htm#defense
- Deliberate acts of theft - http://www.wired.com/news/mac/0,2125,50025,00.html
- Deliberate software attacks - http://www.scmagazine.com/scmagazine/sconline/2002/article/33/article.html
- Forces of nature - http://www.signonsandiego.com/news/computing/personaltech/20020812-9999_mz1b12summer.html
- Potential deviations in quality of service from service providers - http://zdnet.com.com/2100-1105-837412.html and http://cma.zdnet.com/texis/techinfobase/techinfobase/+Dwq_qoKX88XK9s/zdisplay.html
- Technical hardware failure - http://www.zdnet.com.au/newstech/enterprise/story/0,2000025001,20266572-1,00.htm
- Technical software failure - http://www.wired.com/news/technology/0,1282,15459,00.html
- Technological obsolescence - http://www.wired.com/news/topstories/0,1287,10124,00.html

Virus Attack: VBS.Melhack.B is an intended mass mailing virus that is written in Visual Basic. It copies itself as OsamaLaden.vbs into two locations. (http://securityresponse.symantec.com/avcenter/venc/data/vbs.melhack.b.html)

Worm Attack: W32.Efno.Worm is a worm that attempts to spread using the popular KaZaA file-sharing program. The worm is written in Visual Basic, and therefore it requires Visual Basic runtime libraries (Msvbvm60.dll) to run. When this worm runs, it changes several KaZaA registry keys. This causes the worm to be accessible to other users on the KaZaA network. The worm spreads using the file name "Win XP SP1 cracker.exe." However, it is possible to change the file name to other names that may appeal to people. (http://securityresponse.symantec.com/avcenter/venc/data/w32.efno.worm.html)

Trojan Horse: Trojan.IrcBounce is the detection for a collection of programs that a hacker can use to conceal intrusion and obtain administrator-level access to Microsoft Windows environments. These programs can be used to attack Windows environments that:

- Have the default installation, in which the Administrator account has no password
- Use user names and passwords that are very common

After it is installed into the victim's system, it gives a remote attacker unobstructed access to the compromised computer.

Back Door: Backdoor.FunFactory allows unauthorized access to an infected computer. It also allows voice communication from the intruder to the user of the compromised computer.

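The three administrator controls listed in the answer to Review Question 16 (limit the number of attempts, use a disallow list, require numbers and special characters), sketched as an added example that is not part of the original solutions. The thresholds, the sample disallow list, the account name "clerk" and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample; a real disallow list is a large dictionary of common passwords.
DISALLOWED = {"password", "letmein", "qwerty123", "welcome1", "summer2013"}
MAX_ATTEMPTS = 5       # assumed: failed attempts allowed per window
WINDOW_SECONDS = 900   # assumed: 15-minute counting window

_SUBST = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "!": "i"})


def normalize(word):
    """Lower-case and undo common substitutions so 'P@ssw0rd' maps to 'password'."""
    return word.lower().translate(_SUBST)


_DISALLOWED_NORMALIZED = {normalize(w) for w in DISALLOWED}


def policy_violations(candidate):
    """Check a proposed password against the composition rule and the disallow list."""
    problems = []
    if not re.search(r"\d", candidate):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("needs a special character")
    if normalize(candidate) in _DISALLOWED_NORMALIZED:
        problems.append("on disallow list")
    return problems


class AttemptLimiter:
    """Counts failed logins per account inside a sliding time window."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self._failures = {}  # account -> timestamps of recent failures

    def _recent(self, account, now):
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        self._failures[account] = recent
        return recent

    def locked(self, account, now):
        return len(self._recent(account, now)) >= self.max_attempts

    def record_failure(self, account, now):
        self._recent(account, now).append(now)

    def reset(self, account):
        self._failures.pop(account, None)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def attempt_login(limiter, store, account, password, now):
    """Return 'locked', 'ok' or 'denied'.

    The lock is checked before the password, so a guess made during a
    lockout reveals nothing, even when the guess is correct.
    """
    if limiter.locked(account, now):
        return "locked"
    record = store.get(account)  # (salt, hash) or None for unknown accounts
    if record and hmac.compare_digest(hash_password(password, record[0]), record[1]):
        limiter.reset(account)
        return "ok"
    limiter.record_failure(account, now)
    return "denied"


def simulate_dictionary_attack():
    """Replay a constructed guess list against one account, then a later valid login."""
    secret = "T4ble-Lamp#Orbit"  # constructed password that passes the policy
    salt = os.urandom(16)
    store = {"clerk": (salt, hash_password(secret, salt))}
    limiter = AttemptLimiter()
    guesses = ["password", "letmein", "qwerty123", "welcome1",
               "summer2013", "dragon", secret, "monkey"]
    results = [attempt_login(limiter, store, "clerk", g, 1000 + i)
               for i, g in enumerate(guesses)]
    # The owner logs in after the window has expired.
    results.append(attempt_login(limiter, store, "clerk", secret,
                                 1000 + WINDOW_SECONDS + 10))
    return results


if __name__ == "__main__":
    print(policy_violations("P@ssw0rd"))
    print(simulate_dictionary_attack())
```

The same limiter that stops the guess list also keeps the legitimate user out until the window expires, so the threshold and window have to be chosen with that availability cost in mind.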
Find millions of documents on Course Hero - Study Guides, Lecture Notes, Reference Materials, Practice Exams and more. Course Hero has millions of course specific materials providing students with the best way to expand their education.

Below is a small sample set of documents:

UNSW - ACCT - 2542
118,00011Worked example with NCIOn 1 June 2011, S Ltd sold inventory to P Ltd for$100,000, at a profit before tax of $20,000. All inventory isunsold at 30 June 2011. The inventory is sold to externalparties by P Ltd on 15 July 2012S Ltd re
UDLA - PHYSICS - 1001
5 opcionesPuntuaciónComponentes200 - 800200 - 800200-800RazonamientoVerbalRazonamientoMatemáticoRedacciónIndirecta1Ø Cuando esté contestando un ejercicio debeSugerencias paracontestar losejerciciosde la PAAtachar la
University of Wollongong, Australia - ISIT - 201
No.Description(B)6.7.8.Goals, Conditions,ConstraintsCustomer makes aBOOKING for a daywhen DRIVINGINSTRUCTOR willcome and teachdriving skills.Customer comes in to booklearning day.Start a new Booking FormCustomer presentsRegistration Rece
University of Wollongong, Australia - ISIT - 201
Principles of Information Security, 4th EditionChapter 3Review Questions1.What is the difference between law and ethics?Laws are rules that mandate or prohibit certain behavior in society; they are drawn fromethics, which define socially acceptable
University of Wollongong, Australia - ISIT - 201
Process: Customer books a Mock TestNo.Description(C)Goals, Conditions &ConstraintsCustomer makes aBOOKING for a daywhen DRIVINGINSTRUCTOR willcome and test drivingskills.TransactionsTaught driving skills need to be tested byindustry professi
University of Wollongong, Australia - ISIT - 201
Principles of Information Security, 4th EditionChapter 4Review Questions1.What is risk management? Why is identification of risks, by listing assets and theirvulnerabilities, so important to the risk management process?Risk management is the process
University of Wollongong, Australia - ISIT - 201
Process: Finance Director produces finance reportNo.Description(D)Goals, Conditions& ConstraintsFinance Directorproduces financereport1.Director requests forFinance Report2.Finance Directorproduces FinanceReport.3.Finance Directorforward
University of Wollongong, Australia - ISIT - 201
1. Explain the term network management in one sentence.Answer: Network management refers to the activities, methods, procedures, and tools thatpertain to the operation, administration, maintenance, and provisioning of networked systems.2. We used a pat
University of Wollongong, Australia - ISIT - 201
Principles of Information Security, 4th EditionChapter 6Review Questions1.What is the typical relationship among the un-trusted network, the firewall, and thetrusted network?The un-trusted network is usually the Internet or another segment of public
University of Wollongong, Australia - ISIT - 201
Principles of Information Security, 4th EditionChapter 7Review Questions1.What common security system is an IDPS most like? In what ways are these systemssimilar?IDPSs are much like burglar alarms. They both will monitor an area for actions that may
University of Wollongong, Australia - ISIT - 201
Principles of Information Security, 4th EditionChapter 8Review Questions1.What are cryptography and cryptanalysis?Cryptography and cryptanalysis are the two topic areas within cryptology.2.What were some of the first uses of cryptography?Concealin
University of Wollongong, Australia - ISIT - 201
Principles of Information Security, 4th EditionChapter 9Review Questions1.What is physical security? What are the primary threats to physical security? Howare they manifested in attacks against the organization?Physical security addresses the design
University of Wollongong, Australia - ISIT - 201
Principles of Information Security, 4th EditionChapter 11Review Questions1.Who in an organization should decide where in the organizational structure theinformation security function should be located? Why?There is not a specific department or indiv
University of Wollongong, Australia - ISIT - 201
Principles of Information Security, 4th EditionChapter 12Review Questions1.List and define the factors that are likely to shift in an organizations informationsecurity environment.Factors that are likely to shift the information security environment
University of Wollongong, Australia - ISIT - 201
1. An information system is a collection of interrelated components that collect,process, store, and provide as output the information needed to complete businesstasks. True2. Systems analysis is a process of understanding in detail what a system shoul
University of Wollongong, Australia - ISIT - 201
Chapter 1 1. Explain the key role of a systems analyst in business. 2. List the six fundamental technologies an analyst needs to understand. Computer and how they work File, database and storage hardware and software Input and output hardware and softw
University of Wollongong, Australia - ISIT - 201
List the main stages in the systems development lifecycle in order. 1. Feasibility study 2. Analysis 3. Design 4. Development 5. Testing 6. Implementation 7. Maintenance 8. Decommission In project management, explain what is meant by the critical path and
University of Wollongong, Australia - ISIT - 201
SISAT Family Name. School of Information Systems and Technology First Name. Student Number. Table Number. ISIT105 Communications and Networks This paper is for students studying at: x Wollongong Moss Vale Batemans Bay Shoalhaven Bega Loftus Sydney Distance SPRINGS
University of Wollongong, Australia - ISIT - 201
105-QUIZ (1) 1, Bandwidth is the range of frequencies that makes up a signal 2, Circuit switching benefits include: Minimized latencies 3, bands of the electromagnetic spectrum are: VHF, UHF and visible light 4, packet switched networks are always connectionl
University of Wollongong, Australia - ISIT - 201
105-QUIZ (3) 1. W12 802.15.1: Bluetooth 2. W12 ADSL1 ADSL uses what type of medium? Twisted 3. W12- Authentication Which technology employs strong authentication and encryption techniques? VPNs 4. W12- broadband networks What is not one of the main advantages of broadband net
University of Wollongong, Australia - ISIT - 201
The _ contains the description of the entire database as seen by the database. distributed data dictionary _ transparency exists when the end user or programmer must specify the database fragment names but does not need to specify where these fragments ar
University of Wollongong, Australia - ISIT - 201
There are 4 dimensions that can be used to analyse information and security issues, what are these? Security issues, legal repercussions, social implications, technology response Why are human issues important in security? -Human Issues: -Organisational P
University of Wollongong, Australia - ISIT - 201
Chapter 2 12. What is the most common form of violation of intellectual property? How does an organization protect against it? What agencies fight it? The most common form of violation of intellectual property is software piracy The organizations use seve
University of Wollongong, Australia - ISIT - 201
Chapter 1 1. What is the difference between a threat agent and a threat? The main difference between threat and threat agent are: Threat is a category of object, person, or other entity that represents a constant danger to an asset. However a threat agent
University of Wollongong, Australia - ISIT - 201
As Whitman and Mattord (2009, p16) mentioned that people could be the weakest link in the information security program, the organization's own employees, therefore, are one of the greatest threats to the organization's information security. CCTVs have been
University of Wollongong, Australia - ISIT - 201
40 mc 5 out of 6 short answers 20 multiple choice from chapter 1-6 Short questions. Chapter 2 312-20 Chapter 6 firewall access control. short questions. 4 12 Chapter 2 3 6 Chapter 7 IDPS solution control strategy multiple chose (short answer) not the sam
University of Wollongong, Australia - ISIT - 201
2009 1. Explain the following threats to an organization. For each one, specify which elements in the CIA framework are affected by the type of attack. -chapter 2 A. Virus B. Trojan horse C. Worm D. Distributed denial-of-service E. Fire 2. What is the dif
University of Wollongong, Australia - ISIT - 201
40 mc 5 out of 6 short answers ? 2 3 6 7 10 12 20 multiple choice from chapter 1-6 Short questions. Chapter 2 312-20 Chapter 6 firewall access control. short questions. 4 12 Chapter 2 3 6 Chapter 7 IDPS solution control strategy multiple chose (short ans
University of Wollongong, Australia - ISIT - 201
Chapter 2 12. What is the most common form of violation of intellectual property? How does an organization protect against it? What agencies fight it? The most common violations involve the unlawful use or duplication of software-based intellectual proper
University of Wollongong, Australia - ISIT - 201
Chapter 1 1. Dell's cornerstone business model is based on the concept of: c. build-to-order which allows customers to configure their own customized systems. Answer: C Difficulty: Medium Page Reference: 2 AACSB: Reflective thinking 2. _ refers to the bu
University of Wollongong, Australia - ISIT - 201
Chapter 1 1. Dell's cornerstone business model is based on the concept of: a. rapid business growth and threatening competitors. b. selling directly to small and medium sized businesses. c. build-to-order which allows customers to configure their own cu
University of Wollongong, Australia - ISIT - 201
Overview According to our research and information provided by TFA throughout Australia that is one of the fastest growing advertising companies. On current business processes and functions, our SwiftSolution Professionals found a series of business issue
University of Wollongong, Australia - ISIT - 201
Executive Summary In this report, our team gives a brief analysis on the RFP and what problems currently exist in the company TFA. Then, based on the current situation and problems of TFA, also taking the current market environment into consideration, a g
University of Wollongong, Australia - ISIT - 201
212 group work division Member 1: Online Booking System (check Table 8.1 in TFA) Regular Backup: Sydney head office and 4 branches, maybe on a daily basis Intrusion Detection: firewall (certain category, check isit201) Member 2: Data sharing structure: Ce
University of Wollongong, Australia - ISIT - 201
1. The technical standards that describe the Internet are called RFCs. Who is responsible for generating and authorising RFCs? Student Response 1. Cisco Press 2. Internet Engineering Task Force (IETF) 3. International Telecommunications Union (ITU) 4. International Standards Organisat
University of Wollongong, Australia - ISIT - 201
1. What is system analysis? The process of understanding and specifying in detail what the information system should accomplish. 2. What is design? It's a series of TRADE-OFFs to satisfy all of a project's needs (requirement) and a maximal subset of wants (
University of Wollongong, Australia - ISIT - 201
5 x MCQ (1% each) Simple recognition Asks you to choose The correct meaning of some basic acronyms 3 x Long (5% each) Write one or more paragraphs Tests some broader concepts What's the difference between Who is, What is Not about tiny details, but ab
University of Wollongong, Australia - ISIT - 201
Measure Phase In the measure phase, our group measured how the Asian Takeaway satisfied each requirement and identified the problems in the process. For the order process by Asian Takeaway has two part that can be measured, one is the process, another one
University of Wollongong, Australia - ISIT - 201
Tut 1 1.1 What is a business process? a business process consists of a set of activities that are performed in coordination in an organizational and technical environment. These activities jointly realize a business goal. (Weske 2007) 1.2 Describe a busine
University of Wollongong, Australia - ISIT - 201
Lecture 1 1. The Four Waves of BPM: Continuous process improvement; Business process reengineering; Process-oriented organization; Process-based competition 2. What is a business? An organizational enti
University of Wollongong, Australia - ISIT - 201
Wollongong University Faculty of Informatics School of Information Systems & Technology ISIT 918 GROUP PROJECT Submitted By: Introduction: The International Organization for Standardization (ISO) defines network management model in five functional areas o
University of Wollongong, Australia - ISIT - 201
1. c 2. bD B has calls in, D I am not sure about the last sentence. 3. b 4. a 5. cD 6. cA I found maybe I had read it before, but I am not sure. 7. b 8. b 9. b 10. D Dell sells the computer through its website. I am not sure 11. c 12. b 13. a 14. a 15. B
University of Wollongong, Australia - ISIT - 201
2009 final 1-5 BBABB 6-10 AAA aa 11-15 DBBBB 16-20 DCDCB 21-25 BCDAC 26-30 DADAA 31-35 BABaA 36-40 DABBB 41-45 CCACB 46-50 CDADB 2009 SUPLYMENT 1-5 DACAA 6-10 BABAA 11-15 DABBB 16-20 CCACB 21-25 CDABc 26-30 BBABB 31-35 ABAAA 36-40 DBBBC 41-45 DCDAB 46-50 BC
University of Wollongong, Australia - ISIT - 201
2009 final 1-5 BBABB 6-10 AAA aa 11-15 DBBBB 16-20 DCDCB 21-25 BCDAC 26-30 DADAA 31-35 BABaA 36-40 DABBB 41-45 CCACB 46-50 CDADB 2009 SUPLYMENT DADAABABAADABBBCCACBCDADCBBABBABAAADBBBDDCDCBBCDAC 2010 final 1-10 BADBA, DAABB 11-20 BADBABAAAD 21-30 B
University of Wollongong, Australia - ISIT - 201
Chapter 1: 1. What is the difference between, two wire circuits and four wire circuits? 2. What is a channel? 3. What is the difference between, a fixed circuit and a virtual circuit? 4. Explain the electromagnetic spectrum. 5. What are the six different ways that an electromagnetic wave can be
University of Wollongong, Australia - ISIT - 201
Honest Tony's Rodeside Assistance Analysis Report Autumn 2011 HJJS Consultants Division of Tasks for Analysis Phase Introduction . Jui Discussion . All Members Positions, Roles and Descriptions . All Members Candidate Instruments . All Members GDAs . All
University of Wollongong, Australia - ISIT - 201
Unlike TAFE, at University we learn to be able to adapt to many methods. COST is commercial of the shelf. Design can be considered to be a social process or an evolutionary process or problem solving. wants are the things which a designer tries to deliver
University of Wollongong, Australia - ISIT - 201
A report on sustainable practices I) Introduction The key aim of this report is to provide recommendations to Mr Hugo Tifador, the owner of Charlie Jo, on how to become more sustainable and profitable by implementing principles of environmental manageme
University of Wollongong, Australia - ISIT - 201
Xiaodong huang 3524310 Date Time Tool Aug.10 13:30-14:30 Group meeting We meeting at library to discus each member need to do and share the jobs. Aug.11 16:00 send a message to Nik to discuss the requirement Aug.12 13:30-14:30 Group meeting Again to make
University of Wollongong, Australia - ISIT - 201
The computer network management technology Along with the development of the enterprise information, business and application entirely depends on the computer network and computer terminals. These days the requirement of reliability and performance of the
University of Wollongong, Australia - ISIT - 201
Critical Summary and critical comparison worksheet CRITICAL SUMMARY WORKSHEET Article Title: Adobe Creative Suite 4 Master Collection Author(s): Tim Siglin Type of Publication: Journal Year of Publication: 20009 Contextual Information: What is the purpos
University of Wollongong, Australia - ISIT - 201
ASSESSMENT 2 - CRITICAL COMPARISON Student Number: 3854644 Family Name: Zhao First/Given Name(s): Yi UoW/SOLS email: yz369@uowmail.edu.au Tutor: Tutorial Day & Time: 10.30-11.30 To understand the component of content management system is the topic for both
University of Wollongong, Australia - ISIT - 201
ASSESSMENT 1 - CRITICAL SUMMARY First/Given Name(s): Yi Family Name: Zhao Student Number: 3854644 UoW/SOLS email: yz369@uowmail.edu.au This article called Adobe Creative Suite 4 Master Collection has written by Siglin T in 2009. Its purposed to introduce
University of Wollongong, Australia - ISIT - 201
ASSESSMENT 1 - essay First/Given Name(s): Zihang Family Name: CHEN Student Number: 4038575 UOW/SOLS email: zc822@uowmail.edu.au As the world moves towards the Information Age, information technology is developing dramatically and becoming incredibly impor
University of Wollongong, Australia - ISIT - 201
Question: According to Cignex, Open Source CMS deliver a low Total Cost of Ownership but opponents of open source products argue that they are poorly supported and development of the product may cease at any time the open source community loses interest i
University of Wollongong, Australia - ISIT - 201
Student Name: Wenhan Ma Student Number: 3587435 Security Policy Acceptable Use Policy Author Name: Wenhan Ma Student Number: 3587435 e-mail address : wm692@uow.edu.au ABSTRACT including programs and access to data by people. This article will talk about an
University of Wollongong, Australia - ISIT - 201
ACN# Description ROLE Inst. IN (form) Inst. OUT (to) Transformation Goal Constraints Conditions Getting the skills Not disabled Over 17 years 1 Applying for Driving Licence Enquirer Questions Information based on the company policies Applying for trainin
University of Wollongong, Australia - ISIT - 201
Activity 1 Subject Objective Community Div. Labour Rules Outcome Tool Activity 2 Subject Objective Community Div. Labour Rules Outcome Tool Activity 3 Subject Objective Community Div. Labour Rules Outcome Tool Activity 4 Subject Objective Community Div. L