Is a good graphical user interface an appropriate criterion for buying a security product? It might be. Consider, for instance, a program in which it
is too easy to hit the wrong button. This actually occurred on the Norwegian stock exchange.

Suppose you are starting a new business which
deals with a secret new technology. Describe, in overview, how you
would design a secure work environment for the company. Think of
physical issues, software issues and work practices.

Think about physical procedures, passes, identity cards. Then think about the
placement of people and computers. Is it easy to look over someone's shoulder, or
gain access to others' computers when they are not there? Think about the network.
Hosts with secrets should not be on the internet. Think file permissions and access
controls. Firewalls. Social engineering: could someone fool an employee into breaking
security? Could someone tap the network and plant listening devices? Use of encryption.
Restriction of employees' freedom at work.

How would you use the Unix find command to find files which
were writable by anyone? How would you use cfengine to do this?
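
One way to approach the find part of the question above, as an added example that is not part of the original text. It goes slightly beyond the question by also reporting world-writable directories that lack the sticky bit; the function names find_world_writable and demo_tree are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit a directory tree for objects writable by anyone.
# find_world_writable and demo_tree are hypothetical helper names.

find_world_writable() {
    root=${1:-.}
    # Regular files with the "other write" bit (octal 0002) set.
    # -xdev keeps the search on one filesystem (skips /proc, NFS mounts, ...).
    # -type f skips symlinks, whose own mode bits are not meaningful.
    find "$root" -xdev -type f -perm -0002 -print
    # World-writable directories WITHOUT the sticky bit (octal 1000):
    # in these, any user may delete or replace other users' files.
    # Directories like /tmp (mode 1777) are deliberately not reported.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Build a small constructed tree to run the audit against.
demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/private" "$d/open"
    chmod 600 "$d/private"      # owner only: must not be reported
    chmod 666 "$d/open"         # writable by anyone: reported
    mkdir "$d/drop" "$d/tmp"
    chmod 777 "$d/drop"         # world-writable, no sticky bit: reported
    chmod 1777 "$d/tmp"         # world-writable with sticky bit: not reported
    echo "$d"
}

# Demo run: audit the constructed tree, then clean up.
d=$(demo_tree) && { find_world_writable "$d"; rm -rf "$d"; }
```

On a real host the function would be pointed at a filesystem root, for example `find_world_writable /usr/local`, and run once per mounted filesystem because of `-xdev`.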