1. What is the difference between a threat agent and a threat?

A threat is a general risk to that can be objects, people or other entities and a threat agent
is a more specific instance like a hacker itself. A threat is a danger to an asset and a threat
agent is someone doing the attack,
2. What is the difference between a vulnerability and a exposure?
While vulnerability is a flaw or weakness in a system, sometimes an unlocked door or
just a fault in the system, an exposure is when these vulnerabilities are known to a hacker.
3. What type of security was dominant in the early years of computing?
Physical security was the biggest form of security in the early days of computing. There
was no need for internet security at the time and everything was transported by hand from
computer to computer.
4. What are the three components of the C.I.A Triangle? What are they used for?
Confidentiality, Integrity, and Availability. Even though security has evolved a lot since
this began it is a basis for how we address security issues today.
5. If the CIA triangle is incomplete, why is it so commonly used in security?
It addresses major problems with the vulnerability of information systems.
6. What system is the predecessor of almost all modern multiuser systems?
Mainframe computer systems
7. What paper is the foundation of all subsequent studies of a computer system?
Rand Report R-609
8. Who is ultimately responsible for the security of information in the organization?
The Chief Information Security Officer or CISO
9. What was important about Rand Report R-609?
The Rand Report R-609 was the first widely recognized published document to identify
the role of management and policy issues in computer security.
10. Who should lead a security team? Should the approach to security be more managerial or
technical?
A project manager with information security technical skills should lead the security
team. The approach should be top down which mean managerial.