Essay Questions Answer all questions below in a single document, preferably below the corresponding topic. Responses should be no longer than half a page. One 1. A security program should address issues from a strategic, tactical, and operational view. The security program should be integrated at every level of the enterprise’s architecture. List a security program in each level and provide a list of security activities or controls applied in these levels. Support your list with real-world application data. 2. The objectives of security are to provide availability, integrity, and confidentiality protection to data and resources. List examples of these security states where an asset could lose these security states when attacked, compromised, or became vulnerable. Your examples could include fictitious assets that have undergone some changes. 3. Risk assessment can be completed in a qualitative or quantitative manner. Explain each risk assessment methodology and provide an example of each. Two 1. Access controls are security features that are usually considered the first line of defense in asset protection. They are used to dictate how subjects access objects, and their main goal is to protect the objects from unauthorized access. These controls can be administrative, physical, or technical in nature and should be applied in a layered approach, ensuring that an intruder would have to compromise more than one countermeasure to access critical assets. Explain each of these controls of administrative, physical, and technical with examples of real-world applications. 2. Access control defines how users should be identified, authenticated, and authorized. These issues are carried out differently in different access control models and technologies, and it is up to the organization to determine which best fits its business and security needs. Explain each of these access control models with examples of real-world applications. 3. The architecture of a computer system is very important and comprises many topics. The system has to ensure that memory is properly segregated and protected, ensure that only authorized subjects access objects, ensure that untrusted processes cannot perform activities that would put other processes at risk, control the flow of information, and define a domain of resources for each subject. It also must ensure that if the computer experiences any type of disruption, it will not result in an insecure state. Many of these issues are dealt with in the system’s security policy, and the security model is built to support the requirements of this policy. Given these definitions, provide an example where you could better design computer architecture to secure the computer system with real-world applications. You may use fictitious examples to support your argument. Three 1. Our distributed environments have put much more responsibility on the individual user, facility management, and administrative procedures and controls than in th.