Foundations of Information Security and Assurance (INFA610)
(100 Points) Name: __________________________ Due: March 13, 2020
Midterm Exam (6 essay questions with point values assigned)
It has been said that we live in a highly volatile, "breach assume" environment. What does "breach assume" mean to a business? Assuming the role of Chief Information Security Officer (CISO), what measures would you lead, including technology and policies, to ensure that your company was in a stable breach assume posture?
Be sure to discuss specific tools and technologies, including how they would create a Defense-in-Depth approach.
2. (15 pts) Common Criteria
As applied to Information Assurance, what is the Common Criteria, and how does each criteria play a role in building a trusted system? Be specific.
3. (20 pts) Authentication
Differentiate between Authentication and Access Control. Provide and describe 3 types of each (not including passwords) commonly used by organizations.
Explain why NIST has changed its stance on strong passwords. What is the current NIST guideline on strong passwords?
4. (20 pts) Cryptography
Describe and differentiate between the SHA, RSA, and AES algorithms. What role does hashing play, and why is it important to Information Assurance?
Of the three algorithms, SHA / RSA / AES, which provides the most value in terms of the CIA Triad and why?
5. (15 pts) Encryption
What is encryption, and how is it used? Define and differentiate between private- and public-key encryption. How does public-key cryptography provide both sender authentication and confidentiality?
6. (10 pts) Cybersecurity Models
Define the Bell-LaPadula and Biba models. How are these models used to ensure any tenet of the CIA Triad?