is2150_hw1_stm57 - Steven Madara IS 2150 Fall 2009 Dr Joshi...

Steven Madara
IS 2150 / Fall 2009
Dr. Joshi

HW#1 – Section 1.11 - #1, 4, 9, 15

1.
a) Confidentiality (if not allowed to work together)
b) Integrity, Availability
c) Integrity
d) Integrity
e) Availability
f) Confidentiality, Integrity, Availability
g) Integrity

4. If an individual is able to steal/gain access to another person’s account login/password (confidentiality), then they can make changes/modifications to that user’s account (integrity).

9.
a) Secure
b) Precise
c) Broad

15.
a) The power to implement the appropriate security controls should rest with those that are responsible for them. If management is given the power to determine what programs are to be on the system – the system administrators (who are responsible and aware of the needs of the system) are unable to implement what they feel is appropriate. Management is not typically aware of the fine details (technically) of a security system, so they most likely will not make the correct choices. If management is making these decisions it also makes it more difficult for the system administrators to coordinate their security efforts.

b) I would fix this by giving the system administrators more control/resources for configuring and administering the computer systems. The management should, in the very least, consult with the system administrators. Since there are several administrators, a position should be created to lead the overall security of the organization. This lead admin can also serve as a liaison between management and the more technically inclined system administrators. This way the lead administrator can receive information from management and pass it down appropriately through the ranks.
HW #1 - Annex Summary

The Annex written in the NSTISSI 4011 document serves to present a model for security of information systems, and also functions as an assessment and evaluation tool. It was written with the understanding that its premise will hold in the event of technology and human evolvement. There are theoretical and organizational impacts when talking about how computers communicate, and how communications systems compute. Information remains the key to information systems security, and the Annex stresses that to put too much emphasis on technology is a mistake. It is not enough to combine communications and computer security under a common management. A main goal is to first establish a workable definition of the nature of information – with

This note was uploaded on 02/07/2012 for the course SIS 2150 taught by Professor Joshi during the Fall '11 term at Pittsburgh.
