Infa 640 Homework 1 Name Last Name Due On The Last Day

Choose the best answer (one) and give a reason in a few sentences for your choice or for not choosing the others. Please give a reference. To get full credit, the reason should be in your own words, not a copy from a reference/internet source. Such a copy will be considered plagiarism.

Remember, I have the same access to the Internet. I may not catch it every time, but if I catch you, you may get 0 for the entire assignment. Without a reason and/or reference as noted, you will not get full credit. Remember to have your name on each page.

Question 1

Which of the following is an example of a comprehensive security strategy?

  • A. We already use encryption, so we are safe.
  • B. We can detect intrusions with our intrusion detection software and have a firewall. These are supplemented by our use of cryptography.
  • C. We have security software and hardware, an information security officer, a security budget, employee training, and a disaster recovery system in place.

Reason: -

Question 2

Businesses are motivated to use cryptography to protect information because

  • A. information is the asset which is not easy to protect
  • B. information is the easiest thing to protect
  • C. organizations depend on information to operate
  • D. networks and systems are difficult to protect adequately

Reason: -

Question 3

What is the basis of modern cryptography?

  • A. manipulation of data
  • B. mathematical principles
  • C. creating disguises for information
  • D. none of the above

Reason: -

Question 4

The Man in the Middle attack can be thwarted by

  • A. By using email
  • B. Sending message in two parts
  • C. By encrypting the message
  • D. By making it boring

Reason and reference: -

Question 5

Buffer overflow can lead to ___________

  • A. Lead to unauthorized access
  • B. Trojan horses
  • C. Password cracking

What are the consequences?

Question 6

Which of the following are properties of information?

  • A. It has evolved from data and is processed data.
  • B. It has identity.
  • C. It can be mathematically manipulated

  • D. A and B
  • E. A and C
  • F. A, B and C

No Reason required

Question 7

The denial of service is considered as

  • A. Intrusion threat
  • B. Session hijacking threat
  • C. Network threat
  • D. Operating system threat

Reason: -

Question 8

The best trust model for e-commerce is _______

  • A. Public Key Certificates and Certificate Authorities
  • B. Kerberos
  • C. PGP Web of Trust
  • D. A, B, and C
  • E. None.

Reason and reference: -

Question 9

Which of the following choices is not part of a suggested information security plan?

  • A. protection of the information itself at the core
  • B. hardening of our resources (systems and networks)
  • C. authentication of those accessing the information
  • D. Sharing strong passwords

Reason: -

Question 10

Hardening of DES cannot be accomplished

  • A. By encrypting twice by two different keys
  • B. By encrypting three times with a key
  • C. By encrypting three times by two different keys

Reason: -

Question 11

(APA format, Times New Roman 12 pt type, double spaced, words) Compare each element of CAIN with CIA. Could you suggest any improvement in them?

Question 12

(APA format, Times New Roman 12 pt type, double spaced, [50-100 words]) Justify your answer. It is necessary to keep cryptographic algorithms private. True or False

Sample Paper For Above instruction

Analysis of Security Frameworks: CAIN vs. CIA & The Debate on Cryptography Secrecy

Introduction

In the realm of information security, understanding the core principles and models that guide defense mechanisms is essential. The foundational security models—CAIN and CIA—offer frameworks to evaluate security controls. Additionally, the debate on whether cryptographic algorithms should be kept secret or openly published is critical to maintaining robust security. This paper compares CAIN with CIA, suggests improvements, and discusses the importance of transparency in cryptography.

Comparison of CAIN and CIA

The CIA triad—Confidentiality, Integrity, and Availability—is a widely recognized model that emphasizes protecting information from unauthorized access, ensuring its accuracy, and maintaining access when needed (Olenick & Svetlov, 2010). Conversely, CAIN—Confidentiality, Availability, Integrity, and Non-repudiation—adds non-repudiation to address the proof of origin and accountability, which is vital for legal and transactional security (Stallings, 2017).

While CIA emphasizes the core principles of protecting information, CAIN extends this framework to ensure associated evidentiary strength and accountability, thus providing a more comprehensive approach. A suggested improvement is integrating user behavior analytics within these models to preempt vulnerabilities from insider threats (Greer, 2019).

Discussion on Cryptographic Algorithm Secrecy

Historically, cryptographers debated whether cryptographic algorithms should be kept secret ('security through obscurity') or openly published (Kerckhoffs's principle). Honoring Kerckhoffs's principle, that systems should be secure even if everything except the key is public, enhances trust and facilitates independent validation of security (Menezes et al., 1996). Recent research supports transparency, indicating that secrecy of algorithms often weakens security because vulnerabilities are more likely to be exploited if algorithms are secret (Diffie & Hellman, 1976). Therefore, keeping cryptographic algorithms public, while protecting keys, markedly improves security posture.

Conclusion

In conclusion, CAIN complements CIA by including non-repudiation, making it suitable for transactional environments requiring proof of origin. Improvements involve integrating behavioral analytics to combat insider threats. Regarding cryptography secrecy, transparency aligns with security best practices, fostering innovation and peer review, which are crucial for resilient cryptosystems.

References

  • Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644-654.
  • Greer, B. (2019). Insider threat detection and prevention. Journal of Cybersecurity, 5(4), 123-135.
  • Kerckhoffs, A. (1883). La cryptographie militaire. Journal des Sciences Militaires, 9, 5-38.
  • Menezes, A., van Oorschot, P., & Vanstone, S. (1996). Handbook of Applied Cryptography. CRC Press.
  • Olenick, R. P., & Svetlov, A. (2010). Information Security Fundamentals. Syngress.
  • Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.