Sit 302: Information System Security Question Paper
Course: Bachelor Of Science Information Technology
Institution: Kenyatta University question papers
Exam Year: 2009
KENYATTA UNIVERSITY
UNIVERSITY EXAMINATIONS 2008/2009
INSTITUTE OF OPEN LEARNING
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE
(INFORMATION TECHNOLOGY)
SIT 302: INFORMATION SYSTEM SECURITY
=================================================================
DATE: TUESDAY 11TH AUGUST 2009 TIME: 11.00 A.M. – 1.00 P.M.
INSTRUCTIONS:
Answer question ONE and any TWO questions
QUESTION ONE
a) Define the following terms:
i) Authentication
ii) Authorization
iii) Availability (6 marks)
b) Explain why the security of information is of great concern to any given organization
that decides to computerize its operations. (4 marks)
c) Briefly explain why computer crime is considered as a white-collar crime. (4 marks)
d) Explain why an Auditing system should be included in any given information system.
e) Explain the reasons that make data be considered sensitive. (4 marks)
f) Explain how a virus can be a security threat and how the information system can be
protected against viruses. (6 marks)
QUESTION TWO
a) Explain why it is important to include security in the system development life cycle.
(3 marks)
b) Briefly explain the security activities carried out during the following SDLC phases:
i) Initial phase
ii) Acquisition/development phase
iii) Disposition phase (12 marks)
QUESTION THREE
a) Explain the term security plan. (2 marks)
b) Suppose you have been appointed the information systems security officer for your
organization and you have been given the task of developing a security plan for the
organization. Briefly describe the issues that you shall consider to be part of the
contents of the security plan document. (13 marks)
QUESTION FOUR
a) Briefly explain how you can distinguish a risk from other project events.
b) State and explain three strategies for risk reduction. (6 marks)
c) List three basic steps of risk analysis. (3 marks)
QUESTION FIVE
a) Explain the term “Information security audit”. (2 marks)
b) As an Information security officer in your organization, explain how you
would carry out the auditing of your information security system in the organization.
(13 marks)