Foundations of Information Security and Assurance (INFA610)
(100 Points) Name: __________________________ Due: March 13, 2020
Midterm Exam (6 essay questions with point values assigned)
- (20 pts) Breach Assume
It has been said that we live in a highly volatile, “breach assume” environment. What does “breach assume” mean to a business? Assuming the role of Chief Information Security Officer (CISO), what measures would you lead, including technology and policies, to ensure that your company was in a stable breach assume posture?
Be sure to discuss specific tools and technologies, including how they would create a Defense-in-Depth approach.
- (15 pts) Common Criteria
As applied to Information Assurance, what is the Common Criteria, and how does each criterion play a role in building a trusted system? Be specific.
- (20 pts) Authentication
Differentiate between Authentication and Access Control. Provide and describe 3 types of each (not including passwords) commonly used by organizations.
Explain why NIST has changed its stance on strong passwords. What is the current NIST guideline on strong passwords?
- (20 pts) Cryptography
Describe and differentiate between the SHA, RSA, and AES algorithms. What role does hashing play, and why is it important to Information Assurance?
Of the three algorithms, SHA / RSA / AES, which provides the most value in terms of the CIA Triad and why?
- (15 pts) Encryption
What is encryption, and how is it used? Define and differentiate between private- and public-key encryption. How does public-key cryptography provide both sender authentication and confidentiality?
- (10 pts) Cybersecurity Models
Define the Bell-LaPadula and Biba models. How are these models used to ensure any tenet of the CIA Triad?