Problem 1
Explain the important differences between application security engineering and infrastructure security engineering.
Problem 3
Explain why there is a need for both preliminary risk assessment and life cycle risk assessment during the development of a system.
Problem 5
Explain, using an analogy drawn from outside of software engineering, why a layered approach to asset protection should be used.
Problem 6
Explain why it is important to use diverse technologies to support distributed systems in situations where system availability is critical.
Problem 7
What is social engineering? Why is it difficult to protect against it in large organisations?
Problem 8
For any off-the-shelf software system that you use (e.g. Microsoft Word), analyse the configuration facilities included and discuss any problems that you find.
