2

Module 1

Chapter 1 Exercises

1. Look up the paper that started the study of computer security. Prepare a summary of
the key points. What in this paper specifically addresses security in areas previously
unexamined?

Summary of key points:

The Rand Report R-609 was the document that started computer security.
The Rand Report first appeared to be of an official nature due to the use by
representatives from government agencies of the Task force with policies and guidelines,
so it was classified as Confidential
The Rand Report contains valuable material on security controls for resource-sharing
computer systems, discusses intrusions, physical security threats, policy considerations,
and now even used in technical literature.
Some of the Rand Report material that has not been published is an appendix that
outlines and specifies a set of access controls that can provide the complex structure of
the classification system used by the defense establishment.
A Task Force was organized by the Advanced Research Projects Agency to study and
recommend appropriate computer security safeguards that would protect classified
information in multi-access, resource-sharing computer systems in October 1967,.
The Rand Corporation published the Task Force in February 1970 for the Office of the
Director of Defense Research and Engineering, Department of Defense.
In February 1970, a modified version of the report, with two memoranda omissions of
transmittal from the Task Force to the Chairman of the Defense Science Board and the
Secretary of Defense, was published as Rand Report R-609, Security Controls for
Computer Systems.
By October 10, 1975, the Defense Advanced Research Projects Agency declassified the
report
 3
Module 1

3. Consider the information stored on your personal computer. For each of the terms listed,
find an example and document it:

Threat: My wife was a victim of identity theft and it was reported that her former employer was
the culprit behind tax frauds and money laundering.

Threat agent: The threat agent is my former employer who stole my identity and is yet to be
found and charged

Vulnerability: We have a family computer at home, this computer is free of password and the
system is open for anyone to have access to it. Recently a computer tech came to look at the
computer and told us that our computer is vulnerable for any cyber attacks or highjack because
we did not have a security system put into place to protect the information on the computer.

Exposure: I recently received an email about cheap electronics online. My wife loves to shop
online and sign me up for numerous products. The email that was sent to me looked suspicious
and the website was one in which I was familiarize with based on previous trials that was done to
note it was a virus. The email was a virus so I did not open it and marked it as a spam.

Risk:My school asked for me to copy and scan my personal information in order for them to
update my file. I use my computer to pass personal information to the advisor and I may become
a target for people who will take advantage of my information or put me at risk.

Attack: I had a friend of mine that normally comes to the house for dinner.I left the room for a
few minutes then I came to realize that the gentleman tried to hack into my computer using
software to retrieve picture and documents that were very personal.

Exploit: I have an online account with Amazon. I make purchase on a frequent basis and one
day I was notified of a transaction on the account by my Credit Card Fraud & Protection.I had to
cancel the transaction and a new card was sent to me immediately as they investigated and
reversed the charges.