Distinguish between vulnerability, threat, and control. List at least three kinds of harm a company could experience from electronicespionage or unauthorized viewing of confidential company materials.1.8 Exercises1. Distinguish between vulnerability, threat, and control.2. Theft usually results in some kind of harm. For example, if someone stealsyour car, you may suffer financial loss, inconvenience (by losing your mode oftransportation), and emotional upset (because of invasion of your personalproperty and space). List three kinds of harm a company might experience fromtheft of computer equipment.3. List at least three kinds of harm a company could experience from electronicespionage or unauthorized viewing of confidential company materials.4. List at least three kinds of damage a company could suffer when the integrityof a program or company data is compromised.5. List at least three kinds of harm a company could encounter from loss ofservice, that is, failure of availability. List the product or capability to whichaccess is lost, and explain how this loss hurts the company.6. Describe a situation in which you have experienced harm as a consequence ofa failure of computer security. Was the failure malicious or not? Did the attacktarget you specifically or was it general and you were the unfortunate victim?7. Describe two examples of vulnerabilities in automobiles for which automanufacturers have instituted controls. Tell why you think these controls areeffective, somewhat effective, or ineffective.8. One control against accidental software deletion is to save all old versions ofa program. Of course, this control is prohibitively expensive in terms of cost ofstorage. Suggest a less costly control against accidental software deletion. Isyour control effective against all possible causes of software deletion? If not,what threats does it not cover?9. On your personal computer, who can install programs? Who can changeoperating system data? Who can replace portions of the operating system? Canany of these actions be performed remotely?10. Suppose a program to print paychecks secretly leaks a list of names of employeesearning more than a certain amount each month. What controls could be instituted tolimit the vulnerability of this leakage?11. Preserving confidentiality, integrity, and availability of data is a restatement of theconcern over interruption, interception, modification, and fabrication. How do thefirst three concepts relate to the last four? That is, is any of the four equivalent to oneor more of the three? Is one of the three encompassed by one or more of the four?12. Do you think attempting to break in to (that is, obtain access to or use of) acomputing system without authorization should be illegal? Why or why not?13. Describe an example (other than the ones mentioned in this chapter) of datawhose confidentiality has a short timeliness, say, a day or less. Describe an exampleof data whose confidentiality has a timeliness of more than a year.14. Do you currently use any computer security control measures? If so, what?Against what attacks are you trying to protect?15. Describe an example in which absolute denial of service to a user (that is, the usergets no response from the computer) is a serious problem to that user.