CISY 431: Introduction To Information Systems Question Paper

Course: Computer Science

Institution: Kenya Methodist University question papers

Exam Year: 2012



KENYA METHODIST UNIVERSITY

END OF 3RD TRIMESTER 2012 (EVENING) EXAMINATIONS
FACULTY : COMPUTING AND INFORMATICS
DEPARTMENT : COMPUTER SCIENCE AND BUSINESS INFORMATION
UNIT CODE : BBIT 443/CISY 431
UNIT TITLE : INTRODUCTION TO INFORMATION SYSTEMS SECURITY
TIME : 2 HOURS




Instructions:

Answer all questions

Question One
1. Define the following terms. (6 marks)

Non-Repudiation
Confidentiality
Attack

2. List three types of information system audit. (3 marks)
3. Explain the main reasons why cyber terrorism is currently high in Kenya. (4 marks)
4. Describe the main types of antivirus software. (3 marks)
5. Using a diagram show the four interrelated domains of COBIT. (4 marks)
6. Describe the three classes of intruders. (6 marks)

7. Briefly describe two techniques used to avoid guessable passwords. (4 marks)

SECTION B

Answer two questions in this section

Question Two

An organization’s information security is only as good as the policies, procedures and practices designed to maintain it. With a diagram show the relationship between the three and list the objectives of each.

(5 marks)

What are the main functions of IDS and IPS?

(5 marks)

Discuss basic COBIT principles and explain the benefits of implementing COBIT as a governance framework.

(10 marks)

Question Three

Critical to IS security is the distinction between policy and mechanism. Distinguish between:
Security policy and
Security mechanism.

(4 marks)

To say that system security risk analysis is an important issue is an understatement. It is difficult to quantify the losses suffered each year by businesses arising from the use, misuse and abuse of information systems.

Identify at least five main risks that computer systems are exposed to and, for each of these risks, suggest an appropriate control.

(10 marks)

Show that the three security services (confidentiality, integrity, and availability) are sufficient to deal with the threats of disclosure, disruption, deception and usurpation.

(6 marks)

Question Four

Describe the various stages of information system auditing and the format for writing an audit report.

(10 marks)

Managers need to determine the maximum amount of time the business can survive with its systems down and which parts need to be restored first. List and describe the steps in developing a system’s disaster recovery strategy and plan (DRSP) that will ensure business continuity (BC) and availability of critical computing services.

(10 marks)





