
Information Systems Security And Audit Question Paper

Information Systems Security And Audit 

Course:Computer Information Systems

Institution: Kenya Methodist University

Exam Year:2011



FACULTY : SCIENCE AND TECHNOLOGY

DEPARTMENT : CIS AND BIT

TIME : 2 HOURS


INSTRUCTIONS: Answer Question ONE and any other TWO questions.


Question 1

a) In the context of an organization’s information systems:

i) Distinguish among vulnerability, threat, and control. [Use appropriate examples] (3 marks)

ii) Differentiate between computer security and information systems (IS) security. (4 marks)

b) Preserving confidentiality, integrity, and availability of data is a restatement of the concern over interruption, interception, modification, and fabrication.

i) Define the following systems’ security goals: confidentiality, integrity, and availability. [Use appropriate examples] (3 marks)

ii) Distinguish among the following systems’ threat types: interruption, interception, modification, and fabrication. [Use appropriate examples] (4 marks)

c) How do the first three concepts relate to the last four? Hint: is any of the four equivalent to one or more of the three or is any one of the three encompassed by one or more of the four? (6 marks)

d) Auditing information systems and safeguarding data quality is an important business process in modern organizations:

i) Differentiate between data quality audit and data cleansing. (4 marks)

ii) Describe, with relevant examples, how IS auditing enhances the system security control process. (6 marks)


Question 2

a) Critical to IS security is the distinction between policy and mechanism. Distinguish between:

i) Security policy, and

ii) Security mechanism. (4 marks)

b) To say that system security risk analysis is an important issue is an understatement. It is difficult to quantify the losses suffered each year by businesses arising from the use, misuse and abuse of information systems.

i) Identify at least five main risks to which computer systems are exposed and, for each of these risks, suggest some appropriate controls. (10 marks)

ii) Show that the three security services (confidentiality, integrity, and availability) are sufficient to deal with the threats of disclosure, disruption, deception, and usurpation. (6 marks)


Question 3

Computer systems play such a critical role in business and daily life that organizations spend a large proportion of their ICT budgets on computer security and must take special steps to protect their IS to ensure that they are accurate, reliable, and secure.

a) Distinguish between the following terms in relation to the statement above:

i) Computer crime and computer abuse

ii) Spoofing and sniffing

iii) Authentication and protection

iv) Fault-tolerant and high-availability computing (8 marks)

b) Briefly describe the role of firewalls, intrusion detection systems, and encryption systems in promoting security. (6 marks)

c) Discuss briefly (in general terms) the management, organization, and technology challenges faced by firms that aim to make their systems available, reliable and secure. (6 marks)


Question 4

Computer-based information systems (CBIS) are more vulnerable than manual systems to destruction, error, abuse, and system quality problems. It has been said that controls and security should be the first areas addressed in the design of an information system.

a) Briefly state at least five key reasons why CBIS are more vulnerable. (10 marks)

b) Describe, with appropriate examples, the main types of controls that promote security for CBIS. (10 marks)


Question 5

a) State the importance of encryption, digital signatures and digital certificates in securing electronic communications. (6 marks)

b) Discuss why the principles of complete mediation and logging of file accesses are necessary to the system audit process. (4 marks)
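To make the two principles in part (b) concrete, the following is an added example (not part of the exam paper, and not any particular institution's or vendor's code): a small reference monitor in Python through which every file access must pass. Complete mediation is shown by re-checking the access-control list on every open, with no cached decision; logging is shown by appending an audit record for every decision, allowed or denied, before the file is touched. The subjects (alice, bob, mallory), the file names and the ACL entries are all constructed for illustration and are not drawn from the paper.

```python
"""Added example: a minimal reference monitor illustrating complete mediation
and audit logging of file accesses. All subjects, objects and ACL entries below
are constructed for illustration."""
import datetime
import os
import tempfile

# Constructed access-control list: subject -> {file name: set of permitted modes}.
ACL = {
    "alice": {"payroll.csv": {"r", "w"}, "public.txt": {"r"}},
    "bob": {"public.txt": {"r"}},
}


class AuditLog:
    """Append-only record of every decision the monitor makes."""

    def __init__(self):
        self.records = []

    def append(self, subject, obj, mode, decision, reason):
        self.records.append({
            "ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "subject": subject,
            "object": obj,
            "mode": mode,
            "decision": decision,
            "reason": reason,
        })

    def denied(self):
        return [r for r in self.records if r["decision"] == "DENY"]


class ReferenceMonitor:
    """Single choke point for file access: every open is checked and logged.

    Complete mediation means the ACL is consulted on each call; the monitor
    keeps no 'already authorised' state that a later access could reuse.
    An auditor can therefore reconstruct every access from the log alone.
    """

    def __init__(self, root, acl, log):
        self.root = root      # directory holding the guarded files
        self.acl = acl
        self.log = log

    def _authorise(self, subject, name, mode):
        allowed = self.acl.get(subject, {}).get(name, set())
        if mode not in {"r", "w"}:
            return False, "unsupported mode"
        if mode in allowed:
            return True, "acl permits"
        if not allowed:
            return False, "no acl entry"
        return False, "mode not permitted"

    def open(self, subject, name, mode):
        # Reject path tricks (e.g. "../etc/passwd") before the ACL lookup, so
        # a malformed object name can never map onto a file outside root.
        if name in ("", ".", "..") or os.path.basename(name) != name:
            self.log.append(subject, name, mode, "DENY", "malformed object name")
            raise PermissionError(f"{subject}: malformed object name {name!r}")
        ok, reason = self._authorise(subject, name, mode)
        # The decision is recorded whether or not access is granted.
        self.log.append(subject, name, mode, "ALLOW" if ok else "DENY", reason)
        if not ok:
            raise PermissionError(f"{subject} may not open {name} for {mode}")
        return open(os.path.join(self.root, name), mode, encoding="utf-8")


def run_demo():
    """Exercise the monitor with constructed accesses; return the first line
    read back from payroll.csv and the full list of audit records."""
    log = AuditLog()
    with tempfile.TemporaryDirectory() as root:
        rm = ReferenceMonitor(root, ACL, log)
        with rm.open("alice", "payroll.csv", "w") as f:   # ALLOW
            f.write("emp,salary\n")
        with rm.open("alice", "payroll.csv", "r") as f:   # ALLOW
            first = f.readline()
        attempts = [
            ("bob", "payroll.csv", "r"),        # DENY: no acl entry
            ("bob", "public.txt", "w"),         # DENY: mode not permitted
            ("mallory", "../etc/passwd", "r"),  # DENY: malformed object name
        ]
        for subject, name, mode in attempts:
            try:
                rm.open(subject, name, mode)
            except PermissionError:
                pass
    return first, log.records


if __name__ == "__main__":
    _, records = run_demo()
    for r in records:
        print(r["ts"], r["decision"], r["subject"], r["mode"], r["object"], "-", r["reason"])
```

The monitor is only as complete as its enforcement: any code that calls the built-in open() on the root directory directly bypasses it, which is exactly why, in a real system, the operating system or a trusted kernel must be the component that mediates, and why an audit trail that omits denied attempts is of little use to an auditor looking for probing behaviour.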

c) Managers need to determine the maximum amount of time the business can survive with its systems down and which parts need to be restored first. List and describe the steps in developing a system's disaster recovery strategy and plan that will ensure business continuity and availability of critical computing services. (10 marks)
