Problem 1
Explain the important differences between application security engineering and infrastructure security engineering.
Problem 3
Explain why there is a need for risk assessment to be a continuing process from the early stages of requirements engineering through to the operational use of a system.
Problem 5
Explain, using an analogy drawn from a non-software engineering context, why a layered approach to asset protection should be used.
Problem 6
Explain why it is important to use diverse technologies to support distributed systems in situations where system availability is critical.
Problem 7
What is social engineering? Why is it difficult to protect against it in large organizations?
Problem 8
For any off-the-shelf software system that you use (e.g., Microsoft Word), analyze the configuration facilities included and discuss any problems that you find.
