Introduction to Information Security

Questions and Answers

What amount was originally awarded in punitive damages to Richard Grimshaw after the accident involving the Ford Pinto?

  • $49.5 million
  • $88 million
  • $3.5 million
  • $125 million (correct)

    The Ford Motor Company was convicted of reckless homicide in the trial following the Grimshaw case.

    False

    What modifications were made to the Ford Pinto to address safety concerns?

    Longer fuel filler neck and plastic shields

    The difference between the costs of the Ford Pinto and the benefits was __________.

    $88 million

    Match the following events with their descriptions:

    • Grimshaw v. Ford = Punitive damages awarded for injuries caused by a Pinto explosion
    • Pinto Recall = Recall of 1.5 million cars due to safety concerns
    • Ford's Acquittal = Ford was acquitted of charges related to reckless homicide
    • Discontinuation of Pinto = The Pinto was discontinued in fall 1980

    Which of the following is NOT a type of security mentioned?

    Content security

    Data integrity is essential for protection against phishing attacks.

    False

    What is one challenge that makes cybersecurity hard?

    Increased connectivity

    Security can be defined as protection of __________ against __________.

    assets

    Match the following types of protection with their descriptions:

    • Authentication = Protection from unauthorized access
    • Authorization = Determining access rights
    • Privacy = Securing personal information
    • Non-repudiation = Ensuring parties in a transaction cannot deny their actions

    Which of the following contributes to the increased prevalence of cyber attacks?

    Low threshold to access

    What is a common protection measure to combat the threat of data breaches?

    Encryption

    Homeland security is one of the contexts in which security is defined.

    True

    What was the reason given for not implementing a one-pound, one-dollar piece of plastic to improve the Pinto's safety?

    It was seen as extra cost and extra weight.

    The Pinto's gas tank was designed to withstand collisions without rupturing.

    False

    What happens to the gas tank when the Pinto is rear-ended at over 30 miles per hour?

    The rear end of the car buckles, and the gas tank is damaged, leading to fuel spillage.

    The tube leading to the gas-tank cap would be ripped away from the tank itself in a serious collision, causing gas to slosh onto the _____ around the car.

    road

    Match the following elements involved in Pinto's crash tests with their effects:

    • Plastic baffle = Prevents puncturing of the gas tank
    • Steel piece = Protects the tank from bumper impact
    • Rubber bladder = Contains fuel inside the tank
    • Sharp bolts = Increases risk of gas tank ruptures

    What is considered the hardest aspect of security?

    Identifying all possible attack scenarios

    What is risk mitigation primarily aimed at?

    Reducing losses due to a risk

    Risk transfer involves taking actions to reduce losses due to a risk.

    False

    In security, the defender must find and eliminate all exploitable vulnerabilities, while the attacker needs to find multiple vulnerabilities.

    False

    What must security professionals ensure happens in technology-related efforts?

    Something good happens.

    What is the purpose of Annualized Loss Expectancy (ALE)?

    To assess the expected value of potential losses due to risks.

    In information management systems, an intruder is described as using any available means to subvert the security of the ______.

    system

    The Ford Pinto was produced between _____ and _____ and is considered one of the worst cars of all time.

    1971, 1980

    Match the following risk types with their corresponding Annualized Loss Expectancy (ALE):

    • SWIFT fraud = $250,000
    • ATM fraud (large) = $50,000
    • ATM fraud (small) = $10,000
    • Teller theft = $648,000

    Which principle states that attackers focus on the easiest point of penetration?

    Principle of easiest penetration

    Which of the following factors does not play a role in assessing risk?

    Fashion trends

    Security is often prioritized over the usefulness of digital systems.

    False

    Assessing risk is straightforward and always easy to determine.

    False

    What do Bruce Schneier's quotes emphasize about attack strategies?

    A good attack is one that engineers never thought of.

    What was the mission statement of Ford during the Pinto's production era?

    To provide outstanding products and services that improve people's lives.

    Which of the following was a tactic used by Henry Ford II against the Federal Motor Vehicle Safety Standard 301?

    Private negotiating and lawsuits

    The Ford Cost-Benefit Analysis calculated a higher cost per casualty for medical expenses compared to insurance administration.

    True

    What was the total cost per fatality calculated in the Ford Cost-Benefit Analysis for 1971?

    $200,725

    The total benefit of avoided fatalities and injuries from the cost-benefit analysis is $______.

    $49.5 million

    Match the following components with their associated costs according to the Ford Cost-Benefit Analysis:

    • Direct Future Productivity Losses = $132,000
    • Total Medical Costs = $1,125
    • Legal and Court Costs = $3,000
    • Victim's Pain and Suffering = $10,000

    What was the total cost involved in selling 12.5 million cars at a unit cost of $11 each?

    $137.5 million

    The number of burned vehicles accounted for in the total benefit analysis was 2,100.

    True

    How many serious burn injuries were accounted for in the savings of the cost-benefit analysis?

    180

    Study Notes

    Introduction to Information Security and Management

    • Course code: CS 4394
    • Instructor: Dr. Qingchuan Zhao
    • The course material was adapted from various sources, including lectures by Dr. L.F. Kwok, Dr. W.D. Young, Prof. M. Bishop, Prof. V. Shmatikov, A. Kanagala et al., Prof. V. Paxson, and Prof. N. Li.

    What Does Security Mean?

    • Security is a multifaceted concept used in various contexts. Examples include personal security, corporate security, personnel security, energy security, homeland security, operational security, communication security, network security, and system security.
    • Security is fundamentally about protecting assets against threats.
    • This includes understanding what assets need protection and identifying the kinds of threats they face.
    • The nature of protection might differ depending on the specific threat.

    Security on a Personal Level

    • Online retailers often request personal information.
    • Individuals should consider the protections they desire against potential threats when providing their information.
    • Key aspects of personal security include authentication (to prevent phishing), authorization, privacy, integrity, availability, and non-repudiation.

    Security on an Institutional Level

    • Examples of security challenges facing institutions include:
      • Large corporations experiencing data breaches impacting thousands of customers.
      • Students potentially altering their grades using unauthorized access to academic systems.
      • Online retailers facing massive malicious traffic overload, impacting service availability for legitimate users.
    • These scenarios highlight the difficulty of defining security within the digital realm.

    Attacks are Becoming More Prevalent

    • Increased online connectivity exposes more valuable assets.
    • The barriers to accessing these targets have been lowered.
    • Attacks are becoming more sophisticated with readily available tools and strategies.

    Case Study: The Infamous Ford Pinto

    • The Ford Pinto, produced between 1971 and 1980, was a subject of controversy due to safety concerns.
    • The vehicle faced significant criticism for its design and materials choices.
    • Its issues led to numerous lawsuits, highlighted by the notable "Grimshaw v. Ford Motor Co." case.
    • Cost-benefit analyses regarding product safety emerged as a central point of contention.
    • The analysis revealed that the cost of potentially fixing the safety concerns was less than the financial value for the product.
    • Ultimately, the company opted to recall the vehicle.

    Risk Management

    • Identifying and assessing risk is crucial in security.
    • Risk acceptance involves tolerating certain risks.
    • Risk avoidance involves not engaging in activities that pose risk.
    • Mitigation acts to lessen risk.
    • Risk transfer moves risk to another entity (e.g., insurance).
    • Risk management often includes assessing assets, threats, and vulnerabilities to prioritize measures and manage risks.
    • There are specific computations associated with risk management, such as annualized loss expectancy (ALE).
