INFO5301 Information Security Management
Threat Agents:
1. Malware
2. User
3. Employee
4. Attacker
Vulnerabilities:
• A. Mis-configured parameters in the operating system
• B. Lack of training or standards enforcement
• C. Lack of antivirus software
• D. Poorly written application. Lack of stringent firewall settings
Answer:
1-C: Malicious software needs to be detected by using antivirus software. A lack of antivirus software might lead to virus infection.
2-A: If the operating system is misconfigured, users can gain access to restricted areas of the system.
3-B: If the company does not provide a training program to employees, it is vulnerable to employees' mistakes. Employees might alter data inputs and outputs from the data processing application.
4-D: An attacker can abuse the poorly implemented application to conduct a buffer overflow. They can also try to conduct a denial-of-service attack.
Duration: 5 min
2 Discussion Questions
Exercise 6:
For the Internet of Things (IoT), what other aspects of security besides CIA should be considered? Explain why.
Answer:
Human safety: First, as the Internet of Things (IoT) evolves, an increasingly important aspect
of security will be human safety. Information security is rapidly including personal security
and safety. Computer-controlled medical devices, self-driving cars, home automation and
security, robotic surgery, and other innovations are taking information security far beyond