Exercise 1.1 Examine how end users’ responsibilities for managing security have changed over time.

Exercise 1.3 It has been frequently proposed to make software vendors liable for deficiencies in their products. Who would benefit from such regulations?

Exercise 1.5 Social networks are a new application that has grown rapidly in recent years. What new security challenges are posed by social networks?

Exercise 1.7 Attacks can come from inside or outside an organization. Are there basic differences in the defences against insider and outsider threats? What is the relative importance of insider threats? Has the relative importance of insider threats changed as the modern IT landscape has been formed?

Exercise 2.1 Define a security policy for an examination system. Examination questions are set by the teacher and checked by an external examiner. Students sit the exam. Then their papers are marked, marks are approved by the examinations committee, results are published, and students may see their own papers. Which assets need to be protected? Who may get access to the documents used in this examination system?

Exercise 2.3 Should a risk analysis of a computer centre include flooding damage to computing equipment even when the centre is in a high and dry location?

Exercise 2.5 Conduct a risk and threat analysis for a mobile phone service, taking into account that calls are transmitted over a radio link between mobile phone and base station, and that with international roaming a subscriber can use the service in visited networks when away from home. Conduct your analysis from the subscribers’ and the network operators’ viewpoint.

Exercise 2.7 Conduct a risk and threat analysis for ATM cash withdrawals, both from the customer’s and the bank’s viewpoint.

Exercise 3.1 Conduct a search for further definitions of the security concepts defined in this chapter. Starting points may be the Common Criteria [58] or the websites of the US TCSEC programme and of the Common Criteria Scheme. Many of the major IT companies also have pages on security on their websites.

Exercise 3.3 Examine the relationship between unlinkability and anonymity.

Exercise 3.5 On the computing system you are using, identify the software components that potentially could incorporate security mechanisms.

Exercise 3.7 Look for further examples where a security mechanism in one layer can be bypassed by an attacker who has access to a layer below.

