Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
True-false questions and explanations for cs 461 / ece 422 information assurance students regarding security policy concepts such as requirements, constraints, controls, business continuity plans, and incident response plans, as well as cryptography concepts like symmetric key length and the feistel network.
Typology: Assignments
1 / 2
CS 461 / ECE 422 Information Assurance HW #2 KEY Due submitted to Compass by 3:00 p.m. Feb. 5 The questions below prefaced by T/F are true-false questions. For these you must select one or the other, but may clarify your answer with more text if you wish.
1. T/F Security concerns are separate from software engineering concerns, so that an efficient way to design and implement software is to get its functionality right first, and later add security mechanisms. FALSE 2. Describe the difference between a constraint, a requirement, and a control in a security policy. SECTION 8.3 in TEXT A requirement is a functional or performance demand on a system to ensure a desired level of security. A constraint is an aspect of a security policy that directs the implementation of a requirement. A control is a means of removing or reducing a vulnerability. 3. T/F Once a security policy has been established, one needs to review it and its effect on the system periodically but infrequently. ACTUALLY, EITHER T OR F is defendable. It must be periodic, frequency is in the eye of the beholder. 4. T/F The only people who are needed to develop a security policy are security experts and application experts. Since management doesn’t understand either, it’s only role is to adopt the plan developed by the experts. FALSE 5. Describe the difference between a business continuity plan, and an incident response plan. The former focuses on how to maintain the business in the event of lost capacity, the latter focuses on mitigating the actual incident.
when we consider functions of more bits. Example f(00) = 01, f(01) = 00, f(10) = 11, f(11) = 10