1. What is the meaning of the CIA triad in Information Security?
2. What is the difference between Symmetric and Asymmetric Key Cryptography
3. What is SSL? What is SET? Which one is technically superior? Which one is the de-facto standard on commercial selling on the Internet?
4. Mention four advantages of Qualitative risk analysis
5. Mention four disadvantages of quantitative risk analysis
6. Define a safeguard....also known as ...................... or .........................
Define a threat
7. How do you calculate the total threat impact?
8. Give two examples of each of the following
9. What should be included in a risk analysis report? Be brief
10. Sketch the different tables for the following with one example row in each
Financial Loss table
Extent of legal implications table
Enterprise Embarrassment table
11. Sketch a Risk Analysis Matrix filled with a few suggested solutions
12. Which method(s) would you use for risk Analysis in the Military Base Network?
Select your top two favorites. Explain why?
1- Vulnerability Analysis
2- Hazard Impact Analysis
3- Threat Analysis
5- Single-time loss algorithm
13. What is the formula used for ALE? (Annualized loss expectancy or Exposure)
14. A company's premises have one chance in a million of being affected by flooding. A flood would cost the company $10 million.
What would be your budget for mitigating the effects of the flood?
Would you start stocking up sand bags in preparation of the flood?
15. A company has a chance 1 in 3,000 of being within ten miles of an earthquake epicenter measuring 5.0 on the Richter scale. The Earthquake will cause $60 million of loss.
What would be the budget for reducing or preventing that damage?
16. A company has one large router that ties all their network segments. If the router dies it will take one day to repair. There is 70% chance that failure will occur once every 24 months. The outage will cause 1000 people to be out of work for a day. The company estimates the loss of productivity to be $68,000
How much should you spend for router redundancy?
17. What is BS7799? What is ISO 17799?
18. What is the difference between the Red Book and the Orange book in US government and defense security
19. What is ITSEC?
20. What is The Common Criteria?
21. T or F In risk analysis, the value of an asset can be estimated by asking for the book value from the accountant
22. T or F Security policies usually have to be written in a policy document
23. T or F Cost Benefit analysis is probably the most important step in any risk analysis process
24. Give an example of risk avoidance
25. Give an example of risk acceptance
Information Security Risk Analysis is considered.