1
.
You
must
examine
the
components
on
how
information
can
be
compromised
:
-
?
____________________
.
-
?
Integrity
.
-
?
Availability
.
-
?
Authentication
.
-
?
Authorization
.
2
.
There
is
a
price
to
pay
when
a
half
-
hearted
security
plan
is
put
into
action
.
It
can
result
in
____________________
disaster
.
A
password
policy
that
allows
users
to
use
blank
or
weak
passwords
is
a
hacker's
paradise
.
No
firewall
or
proxy
protection
between
the
organization's
private
local
area
network
(
LAN
)
and
the
public
Internet
makes
the
company
a
target
for
cyber
crime
.
3
.
Few
safeguards
can
be
implemented
against
natural
disasters
.
The
best
approach
is
to
have
disaster
____________________
plans
and
contingency
plans
in
place
.
Other
threats
such
as
____________________
,
wars
,
and
terrorist
attacks
could
be
included
here
.
Although
they
are
human
-
caused
threats
,
they
are
classified
as
disastrous
.
4
.
The
most
dangerous
attackers
are
usually
insiders
(
or
former
insiders
)
,
because
they
know
many
of
the
____________________
and
security
measures
that
are
already
in
place
.
Insiders
are
likely
to
have
specific
goals
and
objectives
,
and
have
legitimate
access
to
the
system
.
Employees
are
the
people
most
familiar
with
the
organization's
computers
and
applications
,
and
they
are
most
likely
to
know
what
actions
might
cause
the
most
damage
.
Insiders
can
plant
viruses
,
Trojan
horses
,
or
worms
,
and
they
can
browse
through
the
file
system
.
5
.
?
Trojan
horses
.
These
are
malicious
programs
or
software
code
hidden
inside
what
looks
like
a
normal
program
.
When
a
user
runs
the
normal
program
,
the
hidden
code
runs
as
well
.
It
can
then
start
deleting
files
and
causing
other
____________________
to
the
computer
.
Trojan
horses
are
normally
spread
by
e
-
mail
attachments
.
The
____________________
virus
that
caused
denial
-
of
-
service
attacks
throughout
the
world
in
1999
was
a
type
of
Trojan
horse
.
6
.
?
Password
cracking
.
This
is
a
technique
attackers
use
to
surreptitiously
gain
system
access
through
another
user's
____________________
.
This
is
possible
because
users
often
select
weak
passwords
.
The
two
major
problems
with
passwords
is
when
they
are
easy
to
guess
based
on
knowledge
of
the
user
(
for
example
,
wife's
maiden
name
)
and
when
they
are
susceptible
to
dictionary
attacks
(
that
is
,
using
a
dictionary
as
the
source
of
guesses
)
.
7
.
?
Denial
-
of
-
service
attacks
.
This
attack
exploits
the
need
to
have
a
service
available
.
It
is
a
growing
trend
on
the
Internet
because
Web
sites
in
general
are
open
doors
ready
for
abuse
.
People
can
easily
flood
the
Web
server
with
communication
in
order
to
keep
it
busy
.
Therefore
,
companies
connected
to
the
Internet
should
prepare
for
(
DoS
)
attacks
.
They
also
are
difficult
to
____________________
and
allow
other
types
of
attacks
to
be
subdued
.
8
.
?
Eavesdropping
.
E
-
mail
headers
and
contents
are
transmitted
in
the
clear
text
if
no
____________________
is
used
.
As
a
result
,
the
contents
of
a
message
can
be
read
or
altered
in
transit
.
The
header
can
be
modified
to
hide
or
change
the
sender
,
or
to
redirect
the
message
.
9
.
?
Eavesdropping
.
This
allows
a
cracker
(
hacker
)
to
make
a
complete
copy
of
network
____________________
.
As
a
result
,
a
cracker
can
obtain
sensitive
information
such
as
passwords
,
data
,
and
procedures
for
performing
functions
.
It
is
possible
for
a
cracker
to
eavesdrop
by
wiretapping
,
using
radio
,
or
using
auxiliary
ports
on
terminals
.
It
is
also
possible
to
eavesdrop
using
software
that
monitors
packets
sent
over
the
network
.
In
most
cases
,
it
is
difficult
to
detect
eavesdropping
.
10
.
?
Packet
modification
.
This
involves
one
system
intercepting
and
modifying
a
packet
destined
for
another
system
.
Packet
information
may
not
only
be
modified
,
it
could
also
be
____________________
.