CMIT 425 Week 2 Assignment


Instructions: Answer all questions in a single document. Then submit to the

CMIT 425 Week 2 Assignment
appropriate assignment folder. Each response to a single essay question should

be about a half-page in length (about 150 words).

1. Not all information has the same importance and value to a company. How

data is classified is an important factor used in determining the amounts of

funding and resources that should be applied to protecting each type of

data. Describe the data classification levels within commercial and military

organizations and provide examples of the types of information that would

be classified at each classification level.

2. It takes a team of individuals throughout the organization working together

to safeguard the integrity and confidentiality of data resources. Describe

the layers of responsibility within an organization when it comes to asset

security and data protection. For each role, discuss their responsibility

within the organization for asset security.

3. The architecture of a computer system is very important and comprises

many topics. The system must ensure that memory is properly segregated

and protected, ensure that only authorized subjects access objects, ensure

that untrusted processes cannot perform activities that would put other

processes at risk, control the flow of information, and define a domain of

resources for each subject. It also must ensure that if the computer

experiences any type of disruption, it will not result in an insecure state.

Many of these issues are dealt with in the system’s security policy, and the

security mode is built to support the requirements of this policy. Explain

the concept of a trusted computing base and describe how it is used to

enforce the system’s security policy. Provide examples of specific elements

(hardware, software or firmware) in the architecture of the computer

system could be used that provide security within the TCB.

