Name:
Assignment 3
1. (20 points) Provide examples in your home or work computing environment that support or demonstrate the following principles. Relate it to your computing environment , be specific.
Hint : The examples could range from internal workings of various mechanisms; to policies; to processes you have used in implementation; to functionality provided by an application visible to the user. To show your understanding of the concept I suggest you define each concept and then provide your example. Provide examples and discuss to show your understanding of each concept.
a. Least Privilege:
Answer:
b. Process Isolation:
Answer:
c. Granularity of Access:
Answer:
d. Abstraction:
Answer:
2. (24 points)
a. (8 points) A security expert has said that without integrity, no system can provide confidentiality. Do you agree? Justify your answer.
Answer:
b. (8 points) Can a system provide integrity without confidentiality? Justify your answer.
Answer:
c. (8 points) Give an example of a situation in which a compromise of confidentiality leads to a compromise integrity.
Answer:
3. (16 points) For this question you need to consider some of the sub-tasks that comprise the backup process, you can find several of the backup tasks in the lecture notes. Backups include the process and procedures involved in making copies of data that can be safely stored so that the data can be restored in the case of a data loss event. A comprehensive backup strategy ensures that files, databases and other information can be restored maintaining full data integrity in the case of data loss.
What are 3 benefits of following the principle of “Separation of duties” for performing backups? This answer must clearly make the connection between SoD and the particular sub-tasks for the backup process you have selected.
Answer:
4. (40 points)
a. (34 points)
A new version of the operating system is being planned for installation into your department’s production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each level or type of testing and describe what is tested. Explain the rationale for selecting and performing each level (type) of testing. Do not confuse testing methodology with testing levels or type. You may mention testing methods as part of your answer if you feel this is important, however the focus of the question is on testing levels.
Each testing level (type) you list should include a description of why this is important when installing a new operating system.
Answer:
a. (6 points)
Would the amount of testing and levels of testing to be done be different if you were installing a security patch instead of a new operating system version? Explain in detail your reasons. A simple yes or no is not a good answer.
Answer: