EXAM INSTRUCTIONS

1. There are three (3) questions on this exam, each of equal value.

2. Answer all three (3) of these questions.

3. Each question must be answered in your own words. However, when you use the words of others in any answers, you must use quotation marks and attribute the source right there following APA style recommendations. Also be sure to cite references right there using APA style when you paraphrase the words of others.

4. This is an open-book individual examination. You may use any resources in addition to the textbook, such as other books, articles, and the Web. All questions require research beyond the text, lecture notes, and conferences.  You must, however, do your own work and you may not collaborate with your classmates.

6. Adequate answers for the entire examination should run approximately ten (10 – 12) double-spaced pages (not much more) with one-inch margins and 12-point font.

7. You must provide a separate bibliography for each question following APA style recommendations. The bibliography for each question is outside the scope of the 10 – 12 double-spaced pages and should be placed at the end of each question.

8. Answers will be evaluated on the following criteria: key content, logical flow, clarity, spelling, grammar, and proper citations/bibliography.

PLEASE SEE PAGES 2, 3, and 4 FOR THE EXAM QUESTIONS

EXAM QUESTIONS 

Question 1 

This question is about Vulnerability Analysis as defined and discussed in INFA670 Session 4 and in our Bishop (2003, Chap. 23) textbook.

Select two Vulnerability Analysis tools used in research and/or commercially available and describe their main features and functionality.  Compare and contrast their relative strengths and weaknesses when used in the three (3) scenarios described below:

a. The system to be developed is intended to be operational in a large enterprise environment and the system itself when fully developed will be of a size typically found in large enterprise deployments such as DOD, large banks or similar sized operations where integration and deployment includes use in a networked environment.

b. The system to be developed is intended to be operational in a midmarket sized firm which has branches located countrywide. Familiar examples might include a fast food chain of outlets such as Burger King, a nationwide clothing store or similar set of replicated stores where integration and deployment includes use in a networked environment.

c. The system to be developed is intended to be operational in a small market firm or small business firm or even in home usage. Familiar examples might include an income tax preparation package by a small tax consulting firm.

Be sure to frame your answer in logical argumentation and referenced research results using the text and credible outside sources. Ensure that your answer is written in the context of security and trusted systems.

Question 2 

This question is based on Exercise 3 in Chapter 21 of our Bishop textbook (2003, pp. 609 – 610). Exercise 3 states:

“Recall that ‘criteria creep’ is the process of refining evaluation requirements as the industry gains experience with them, making the evaluation criteria something of a moving target. (See Section 21.2.4.2.)

This issue is not confined to the TCSEC, but rather is a problem universal to all evaluation technologies” (Bishop, 2003, pp. 609 – 610).

With this in mind address the following requirements:

a. Analyze the benefits and drawbacks of the Common Criteria (CC) methodology for handling criteria creep.

b. Provide recommendations for ensuring that the benefits can be realized and for mitigating the drawbacks.

Question 3 
