1. Recommend and expound upon a course of action in support of Information Security & Risk Management. (250 words)
2. Define the purpose of a Risk Analysis and describe how you would determine the type(s) of Security Risk Assessment(s) an organization would require and why (e.g. Gap Assessment, Compliance Audit, Security Audit, Vulnerability Scanning, Penetration Testing, Ad Hoc Testing, Social Engineering, Wardialing, etc.). (250 words)
3. Research the following questions using web resources. Provide a reference for each resource used and cite it in your answers (author, year, and page or paragraph number(s)).
1. What is the difference between active and passive security threats?
2. List and briefly define 3 categories of passive and active security attacks.
3. List and briefly define at least 3 categories of security services.
4. List and briefly define at least 3 categories of security mechanisms.
5. Create a matrix highlighting the relationship between the security services and the security mechanisms listed in questions 3 and 4. Place the services down the left side (one per row) and the mechanisms across the top (one per column), then place an X in each cell where the mechanism can be used to provide that service.
6. What are the essential ingredients of a symmetric cipher?
7. How many keys are required for two people to communicate via a symmetric cipher?
8. What is triple encryption?
9. List ways in which secret keys can be distributed to two communicating parties.
10. What are the fundamental differences between AES, DES, and 3DES?