Help in Health Care Informatics Assignment
Part 1: True or False Questions. (10 questions at 1 point each)
- T F A hash algorithm uses a one-way cryptographic function, whereas both secret-key and public-key systems use two-way (i.e., reversible) cryptographic functions.
- T F The strongest 3DES (Triple DES) requires the use of three independent keys.
- T F When it comes to the ethics of a particular situation, there is only one right answer. Answer: _____
- T F Packet filters protect networks by blocking packets based on the packets’ contents. Answer: _____
- T F The biggest advantage of public-key cryptography over secret-key cryptography is in the area of key management/key distribution.
- T F In terms of privacy laws, companies have no advantage over the government in terms of the types of data that a company can collect.
- T F Intrusion Detection Systems (IDS) provide no protection from internal threats.
- T F A Denial-of-Service attack does not require the attacker to penetrate the target’s security defenses.
- T F AES uses the Rijndael algorithm.
- T F A one-time pad is a safe house used only once by an undercover agent.
Part 2: Multiple Choice Questions. Print all the correct answers in the blank following the question; in some cases a fully correct answer may require more than one lettered choice to be selected. (Each question is worth 2 points. There is no guarantee of partial credit for partially correct answers.)
- If person A uses AES to transmit an encrypted message to person B, which key or keys will A have to use:
a. A’s private key
b. A’s public key
c. B’s private key
d. B’s public key
e. None of the keys listed above
- From the perspective of entropy:
- Plaintext will have a higher entropy than the ciphertext
- The unequal frequency of characters in human languages tends to reduce the entropy of plaintext messages in that language
- Encrypted messages appear to be noise-like
- Plaintext requires more transmission bandwidth than ciphertext
- None of the above
- Protection of a software program that uses a unique, novel algorithm could be legally protected by:
a. A patent
b. A copyright
c. A patent and copyright
d. Ethical standards
e. All of the above
- Security threats include which of the following:
a. Unlocked doors
b. Disgruntled employees
d. Un-patched software programs
e. All of the above
- Denial of service attacks include:
a. DNS poisoning
b. Smurf attack
c. Ping of death
d. SYN flood
e. All of the above
Part 3: Short Answer Questions. (10 questions at 5 points each)
- Alan and Beatrice are both users of PKI. Explain how they use their keys to communicate when Alan sends a private message to Beatrice, and provides proof that he sent the message.
- Briefly describe the purpose of firewalls and how they work, including a comparison of at least three principal types.
- What are some of the individual rights associated with information privacy? Do expectations of privacy change depending on the individual’s environment? If so, how?
- There are many threats associated with e-mail. List five (5) of these threats and describe a mitigation strategy for each.
- Decipher the following using a 26-character Caesar Cipher:
EHWWHU EH GHVSLVHG IRU WRR DQALRXV DSSUHKHQVLRQV WKDQ UXLQHG EB WRR FRQILGHQW VHFXULWB
- For the previous question, what are three (3) cryptanalysis techniques that could be used to crack the cipher?
- What is the difference between substitution and transposition encryption?
- What are the similarities and differences between incident response plans and business continuity plans?
- Give one brief example of a computer-security legal issue, and another brief example of a computer-security ethical issue.
- Describe in your own words the importance of security awareness training for computer users, such as employees. Give two examples of threats that can be mitigated through greater security awareness.
Part 4: Essay Questions. Maximum length: two (2) pages each, including references, double spaced. (Two questions at 15 pts each)
- One hundred years ago, Louis Brandeis and Samuel Warren warned us that, “Numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the housetops.’” Cryptography is an enabling technology for self-help privacy. Conversely, cryptography can be used to conceal criminal conspiracies and activities, including espionage. How have computers changed the ways in which we have to keep certain information private? What new threats do computer systems and networks pose to personal privacy? Conversely, what threats are enabled or enhanced by computer systems and networks? How does cryptography help or hinder protection of privacy and public safety? What policies are needed and appropriate in a networked world regarding the use of cryptography?
- While sitting in the break room at work one day, Stan is talking with his friend Joe, who is excitedly describing an idea for a new intrusion detection system (IDS). Joe describes an elegant new algorithm that will flawlessly detect intrusion attacks and respond almost instantly. Stan, who is more of an entrepreneur than inventor, quickly grasps the essence of Joe’s idea, and decides to incorporate the idea into a commercial product, without the knowledge or participation of Joe. In his scheme to commercialize Joe’s idea, Stan plans to hire a programmer to implement Joe’s algorithm, and use the software to control a novel new hardware component. Stan would like to protect the intellectual property of the algorithm, software, and hardware component, but is experiencing some guilt pangs. Discuss the legal and ethical issues of this whole situation.