WEEK 2 ESSAY QUESTIONS

Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).

1. Not all information has the same importance and value to a company. How data is classified is an important factor used in determining the amounts of funding and resources that should be applied to protecting each type of data. Describe the data classification levels within commercial and military organizations and provide examples of the types of information that would be classified at each classification level.

2. It takes a team of individuals throughout the organization working together to safeguard the integrity and confidentiality of data resources. Describe the layers of responsibility within an organization when it comes to asset security and data protection. For each role, discuss their responsibility within the organization for asset security.

3. The architecture of a computer system is very important and comprises many topics. The system must ensure that memory is properly segregated and protected, ensure that only authorized subjects access objects, ensure that untrusted processes cannot perform activities that would put other processes at risk, control the flow of information, and define a domain of resources for each subject. It also must ensure that if the computer experiences any type of disruption, it will not result in an insecure state. Many of these issues are dealt with in the system's security policy, and the security mode is built to support the requirements of this policy. Explain the concept of a trusted computing base and describe how it is used to enforce the system's security policy. Provide examples of specific elements (hardware, software or firmware) in the architecture of the computer system that could be used to provide security within the TCB.
Week 2 Reading List

NIST SP 800-100: Information Security Handbook – A Guide for Managers
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-100.pdf

NIST SP 800-88: Guidelines for Media Sanitization
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

NIST SP 800-14: Principles and Practices for Securing IT Systems
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-14.pdf

DLP
https://en.wikibooks.org/wiki/Intellectual_Property_and_the_Internet/Deep_packet_inspection

Security Architecture and Design: Computer Systems Architecture
https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Security_Models

Security Architecture and Design: Systems Security Architecture
https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Computer_Systems_Architecture

Security Architecture and Design: Security Models
https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Systems_Security_Architecture

Security Architecture and Design: Security Product Evaluation Methods and Criteria
https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Security_Product_Evaluation_Methods_and_Criteria

Cryptography / DRM
https://en.wikibooks.org/wiki/Cryptography/DRM

Deeper Dive: NIST SP 800-33: Underlying Technical Models for Information Technology Security
csrc.nist.gov/publications/nistpubs/800-33/sp800-33.pdf

    Essay Questions

    Question 1: Data Classification

    Data classification entails the grouping of information into different categories to determine the protection to be offered. In commercial organizations, data classification has no specific standards but depends on the sensitivity and confidentiality levels of the information. Levels in businesses range from the first level, which is sensitive information that requires high integrity and whose access is limited, such as trade secrets. The confidential level holds less stringent data whose exposure causes harm to the company, for example customer details. Private data entails the internal operations of a company, such as human resource information. The proprietary data level consists of information that is disclosed externally with limited measures, such as technical product specifications. Public data is information revealed to the public, like marketing information.

    Military organizations classify data depending on its sensitivity. Top secret data consists of military nuclear weapons, whose exposure may have serious negative impacts. Secret data is information used to improve security, such as military strategies. Confidential information is exempted from being disclosed by the law, such as military engagements. Sensitive but unclassified data is information obtained from the citizens, such as citizens' identifications. Unclassified data is usually not grouped into any category and is not sensitive, such as military rate records.

    Question 2: Layers of Responsibilities

    Individuals in an organization take up different responsibilities in enhancing data protection. A data owner in a firm has the administrative controls and is held responsible for specific data. The owner makes decisions on data classification, reviews it, and assigns duties to relevant personnel. A data custodian has technical control over information, monitoring access to the information. The custodian follows the data owner's guidance on assigning and limiting data access. He produces reports from the information, together with filing information on those granted access. The custodian ensures that all data security measures are implemented for safety purposes. A data user is someone who has been given permission to access and use data by the data owner. The user is responsible for protecting data by following the set policies and standards. The user is expected to report any suspicious activity related to the information to ensure that safety measures are implemented to prevent data breach.

    Question 3: Trusted Computing Base

    The trusted computing base describes all the components of the computing system, such as software, hardware, and controls, that provide system security. The components control access to the system together with providing authorization to users. The TCB supports the identification of users, making sure that only authorized personnel access the system. Elements in the TCB protect information from malicious attacks by filtering all the operations in the computer system. The TCB monitors operations in the system and helps in identifying suspicious activities which pose a threat to the computer. The TCB also acts as a form of backup in case data is lost. The TCB enforces information security policies by defining the procedures and processes to be followed to achieve system security. For example, the security kernel mediates all accesses to the system to prevent modification and verify any access to improve safety. The security kernel monitors all activities in the computer system to promote system security.

    References

    NIST SP 800-100: Information Security Handbook – A Guide for Managers. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-100.pdf on 31st October 2017

    Security Architecture and Design: Computer Systems Architecture. Retrieved from https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Security_Models on 31st October 2017

    Security Architecture and Design: Security Product Evaluation Methods and Criteria. Retrieved from https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Security_Product_Evaluation_Methods_and_Criteria on 31st October 2017