Bbit 422: Information Systems Security And Audit Question Paper
Course: Computer Information Systems
Institution: Kenya Methodist University question papers
Exam Year: 2010
FACULTY: SCIENCE AND TECHNOLOGY
DEPARTMENT: CIS AND BIT
TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE (compulsory) and any other TWO questions.
Question 1
Business organizations spend a large proportion of their ICT budgets on computer security because computer systems play such a critical role in business, government, and daily life that organizations must take special steps to protect their information systems and to ensure that they are accurate, reliable, and secure. Required:
a) Define the following terms in relation to the statement above:
i) Computer (IS) security
ii) Security breach
iii) IS security control
iv) Confidentiality
v) Computer virus (5 marks)
b) Distinguish between the following terms in relation to the statement above:
i) Data privacy and data integrity
ii) Computer crime and computer abuse
iii) Authentication and protection
iv) Spoofing and sniffing
v) Fault-tolerant and high-availability computing
(10 marks)
c) Computer systems are more vulnerable than manual systems to destruction, error, abuse, and system quality problems. Discuss, giving some key areas where systems are most vulnerable. (8 marks)
d) List and describe, with appropriate examples, the main types of controls that promote security for computer hardware, computer networks, computer software, and computerized data. (7 marks)
Question 2
a) State at least five (5) common types of computer-based IS security violations. (5 marks)
b) Auditing information systems and safeguarding data quality is an important business process in modern organizations. Describe, with relevant examples, how IS auditing enhances the system security control process. (5 marks)
c) As companies increasingly rely on digital networks for their revenue and operations, they need to take additional steps to ensure that their systems and applications are always available to support their digital business processes.
Required
i) Using a Web-based application (internet computing) model diagram, discuss internet security challenges and the features of online information systems that make them difficult to control. (5 marks)
ii) Identify and describe special measures that must be taken to ensure the reliability, availability, and security of e-commerce and digital business processes. (5 marks)
Question 3
a) How does hacking compromise system security? How is it controlled? (4 marks)
b) Briefly describe the role of firewalls, intrusion detection systems, and encryption systems in promoting security. (6 marks)
c) To say that system security risk analysis is an important issue is an understatement. It is difficult to quantify the losses suffered each year by businesses arising from the use, misuse and abuse of information systems. Identify and describe the main risks that computer systems are exposed to and, for each of these risks, suggest some appropriate controls. (10 marks)
Question 4
a) Distinguish between: Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP). (4 marks)
b) Managers need to determine the maximum amount of time the business can survive with its systems down and which parts need to be restored first. List and describe the steps in developing a system's disaster recovery strategy and plan. (10 marks)
c) Briefly discuss the importance of encryption, digital signatures and digital certificates in securing electronic communications for individuals and companies engaged in electronic commerce. (6 marks)
Question 5
a) Discuss the roles that informed consent, legislation, industry self-regulation and technology tools play in protecting the individual privacy and information rights of computerized systems' users. (8 marks)
b) It has been said that controls and security should be one of the first areas to be addressed in the design of an information system.
i) With the help of suitable examples of security methods, explain the following two types of Internet security:
• Client-server security.
• Data and transaction security. (6 marks)
ii) Briefly discuss management, organization, and technology roles in controlling and securing information systems. (6 marks)