Security Fundamentals

Exercises

CIS341 – Spring 2004

Exercise Set One:

1. What purpose is served by the Policy Simplicity Principle?

2. What purpose is served by the System Functionality Principle?

3. Give an example of a violation of the Policy Simplicity Principle.

4. Give an example of a violation of the System Functionality Principle.

5. A user must take great precautions when opening email attachments. Which principle is being violated? How? How would you redesign the software product(s) involved to more closely adhere to this principle?

Exercise Set Two:

1. What are the advantages of the cost/benefit approach to security design?

2. What are the disadvantages? Give specific examples.

3. What is your overall assessment of C/B?

Exercise Set Three:

1. What personnel are involved in information systems (who must be taken into account when designing a secure system)?

2. What problems are associated with each of the groups named above?