Examine how end users’ responsibilities for managing security have changed over time.

1. Examine how end users’ responsibilities for managing security have changed over time.

2.It has been frequently proposed to make software vendors liable for deficiencies in their products. Who would benefit from such regulations?

3. Social networks are a new application that has grown rapidly in recent years. What new security challenges are posed by social networks

4.Define a security policy for an examination system. Examination questions are set by the teacher and checked by an external examiner. Students sit the exam. Then their papers are marked, marks are approved by the examinations committee, results are published, and students may see their own papers. Which assets need to be protected? Who may get access to the documents used in this examination system?

5.Should a risk analysis of a computer centre include flooding damage to computing equipment even when the centre is in a high and dry location?

6.Conduct a risk and threat analysis for a mobile phone service, taking into account that calls are transmitted over a radio link between mobile phone and base station, and that with international roaming a subscriber can use the service in visited networks when away from home. Conduct your analysis from the subscribers’ and the network operators’ viewpoint.

7. Conduct a risk and threat analysis for ATM cash withdrawals, both from the customer’s and the bank’s viewpoint.

8. Attacks can come from inside or outside an organization. Are there basic differences in the defences against insider and outsider threats? What is the relative importance of insider threats? Has the relative importance of insider threats changed as the modern IT landscape has been formed?

9.Conduct a search for further definitions of the security conceptsdefined in this chapter. Starting points may be the Common Criteria or the websites of the US TCSEC programme2 and of the Common Criteria Scheme. Many of the major IT companies also have pages on security on their websites.

10. Examine the relationship between unlinkability and anonymity.

11. On the computing system you are using, identify the software components that potentially could incorporate security mechanisms.

12. Look for further examples where a security mechanism in one layer can be by passed by an attacker who has access to a layer below.