Nuclear Plant Password Policy - Essay Example

Nuclear Plant Password Policy Insert Insert Activity 1 As an information officer, what are the information security goals that you need to keep in mind while defining the protection you shall need?(Select all that apply.) The goals are detection, prevention, and recovery 2) What are applicable forms of vulnerabilities? (select all that apply) They include improperly configured software, misuse of communication protocols and damage to Hardware 3) Detail the difference between a threat, vulnerability, and a risk. A threat is anything that poses the danger to the computer system whereas vulnerability refers to a loophole or a weakness that hackers or attackers can use to attack a system. Atheotherhandlikelihoodloss There are situations where a risk is said to be vulnerability but in other cases, some vulnerabilities occur without any risks. Activity 1-2 1) The three most fundamental goals of computer security are: (Select all that apply.) They include confidentiality, integrity, and privilege management. 3) A biometric handprint scanner is as part of a system for granting access to a facility. Once an identity is, the system checks and confirms that the user allowed leaving the lobby and entering the facility, and the electronic door lock is released. This is an example of (Select all that apply.) It is an example of authentication. 3) Katie’s handprint is against a record in the system that indicates that she has been assigned clearance to view the contents of secret documents. Later, at her desk, she tries to connect her folder that is Top Secret, and access is denied. This an example of MAC 4) At the end of the day, the security personnel can view electronic log files that record the identities of everyone who entered and exited the building along with the time of day. This is an example of: Auditing 5) An administrator of a large multinational company can assign access rights and track user’s resource access from a central administrative console. Users throughout the organization can gain access to any system after providing a single username and password. This is an example of: Privilege management Activity 1-3 1) Brian works at a bank. To access his laptop, he inserts his employee ID card into a special card reader. This is an example of: Token-based authentication 2) To access the server room, Brian places his index finger on a fingerprint reader. This is an example of: Biometric authentication 3) To withdraw money from an automatic teller machine, Nancy inserts a card and types a four-digit PIN. This incorporates what types of authentication? Select all that apply.) Token-based, password and multifactor. 4) What is the best example of a token-based authentication? It relies on a card being inserted into a card reader 5) True or False? Mutual authentication protects clients from submitting confidential information to an insecure server. That is true 6) How does multi-factor authentication enhance security? Multifactor authentication enhances security by providing at minimum challenges for the attacker to breach the system. The latter can be extremely difficult with the use of biometrics. Activity 1-4 1) Which algorithm is a hashing encryption algorithm? That is SHA 2) Which of the following is a specific set of actions used to encrypt data? Cipher is used to encrypt data. 3) True or False? A digital signature is an application of hashing encryption because the signature is never transformed back to clear text. That is true 6) What are the distinctions between an encryption algorithm and a key? The distinction is that the encryption algorithm is the general instruction that is applicable to data when changing it to ciphertext. On the other hand, the key refers to the real value that the algorithm uses. Whereas different ciphertext can result from the use of a different key the process of encryption is always similar. 7) What is a potential drawback of symmetric encryption? It is the urge of sharing a key between the parties in play. The latter is a source of compromising that key. 8) What makes public key encryption potentially so secure? it experiences full security as there is no sharing of the key between the parties. 9) Considering that hashing encryption is one-way, and the hash is decrypted, what makes hashing encryption a useful security technique? Because hashing is applicable in verification of data in a number of circumstances that involve authentication using the password. The situation involves the exchange of hashes instead of the real passwords. Both parties can then verify the file or information after the transfer is complete. Activity 1-5 Use the file Nuclear Plant Password Policy for these questions. 1) Open and review the policy file. What type of policy document is this? It is a password policy 2) which standard policy components are in the policy? (Select all that apply.) The standard policy components included in the policy are the policy statement, the standards, and guidelines. 3) How often must system level administrators change their passwords to conform to this policy? They must change their passwords at least on a monthly basis 4) To conform to this policy, how often must regular system users change their passwords? They have to be changed once in every three months 5) According to this policy, what is the minimum character length for a password and how should it be constructed? According to this policy, there is a minimum character length of eight alphanumeric characters for a password. The policy states what makes up a strong password. First it incorporates both small and capital letters. Further, it is made of symbols, characters, marks for punctuation and digits 0-9 (Farrell, 2008). They should not be words in other languages, dialect, slang or jargon. Caution should be taken not to include names relating to family members or personal information. The person creating it should be in a position of remembering it. The best passwords are created following a particular phrase. For instance, “I have always told you not to try this alone” has a resultant password of iHaTyNTt~T1 6) Why is password1 not a choice for a password? Password1 is not a good password because the word password is available in the dictionary and also a common computer terminology. It precedes a digit that is a very common way to write weak passwords that are easily traceable. References Farrell, S. (2008). Password Policy Purgatory. IEEE Internet Comput., 12(5), 84-87. doi:10.1109/mic.2008.108 Read More