In the context of Information Systems Security, write short notes on ALL of the following
headings:-
a. Why are computer systems more vulnerable to destruction, error, abuse and misuse than
manual systems?
b. What is meant by the term Risk Assessment?
c. What are Worms and Viruses?
d. Outline the process of Public Key Encryption.

  

Answers


gregory
Information Systems Security is the safeguarding of the computer system from attacks or
destruction. Computer systems are vulnerable due to the following reasons.
a. Destruction/error/abuse/misuse: -
i. Hardware failure due to natural causes; electrical failure; etc.
ii. Software failure; bugs; poor design etc.
iii. Human errors.
iv. Theft/corruption of data.
v. System penetration by illegal access.
vi. Complex computer system difficult to replicate manually.
vii. As data is more compact, potential loss is greater.
viii. As data is more compact, potential damage by abuse/misuse is greater.
ix. Advent of networks has greatly increased the potential of unauthorised access.
Paper based systems are less compact and intercommunication is much harder.
b. Risk Assessment: -
Risk can be defined as the product of the amount that may be lost due to a security
exposure and the probability or frequency that such a loss will occur. Potential threats may
be identified by past experience, use of experts or brainstorming techniques as well as their
anticipated frequency (once per month etc.) and potential monetary cost. The controls that
might be necessary to counter the threat are also estimated and a judgment made whether
the control costs are more or less than the threat and if so should the control procedures be
implemented. Controls may be general or application controls.
General controls are those controls which are not specific in nature. This may include
things like authorization of use and the general awareness of the risks by the employees.
Application controls are those controls over the inputs, processing and the output. This may
include things such as validation checks and maintenance of data.
c. Worms & Viruses: -
A worm is a program that transfers itself from computer to computer over a network and
plants itself as a separate file on the target computer. This program is destructive in nature
and may destroy data or utilize tremendous computer and communication resources but
does not replicate like viruses.
A worm does not change other programs but can run independently and travel from
machine to machine over the network. Worms can also have portions of themselves
running on many different machines.
A virus is contagious and is a set of illicit instructions which are passed onto any other
programs or documents with which it comes into contact. Viruses are malicious computer
programs. Traditional viruses attach themselves to other executable code, infect the user's
computer, replicate themselves on the user's hard disk and then damage data, hard disk or
files. Viruses attack the following parts of a computer:-
o Executable program files
o File directory systems
o Boot and system areas that start the computer
o Data files
d. Public Key Encryption (PKE): -
Encryption means encoding a message into some form of code so that only the person
receiving the message can decode the message. PKE uses two keys, a public key and a
private key. The sender uses the public key to encrypt a message which is transmitted over
the internet. When the message is received the recipients use their own private key to decode
the message.
In encryption the message is converted from the plain text into a secure code called cipher
text and cannot be understood before decryption to plain text again.
An encryption key is a piece of information that is used within the encryption logarithm to make
the encryption or decryption process unique, so that the user requires the correct key to decipher
the meaning.
An encryption logarithm is a mathematically based function or calculation which encrypts or
decrypts.
In PKE the two keys work together as a pair. The public key is known to everyone but
the private key is known only to an individual, who is thus the only person who can decrypt the message.
gregorymasila answered the question on February 15, 2018 at 15:56
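
The public key process outlined in part (d), as an added example that is not part of the original answer: textbook RSA with tiny constructed primes and no padding, showing that a message encrypted with the recipient's public key is recovered only with the matching private key. The function names, sample primes and message are assumptions made for illustration.

```python
# Added illustration: textbook RSA with tiny constructed primes and no padding.
# It shows the public/private key roles only and must never protect real data.
from math import gcd


def make_keypair(p, q, e=17):
    """Build (public_key, private_key) from two primes p and q."""
    n = p * q                      # modulus shared by both keys
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key, plaintext):
    """Sender side: encrypt each byte with the recipient's public key."""
    e, n = public_key
    return [pow(byte, e, n) for byte in plaintext]


def decrypt(private_key, ciphertext):
    """Recipient side: returns bytes, or None if the values are not bytes."""
    d, n = private_key
    values = [pow(c, d, n) for c in ciphertext]
    return bytes(values) if all(v < 256 for v in values) else None


# Constructed sample keys: the recipient's pair and an unrelated pair.
RECIPIENT_PUBLIC, RECIPIENT_PRIVATE = make_keypair(61, 53)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(67, 71)

if __name__ == "__main__":
    message = b"hello"                                  # constructed plain text
    cipher_text = encrypt(RECIPIENT_PUBLIC, message)
    print("cipher text:", cipher_text)
    print("recipient reads:", decrypt(RECIPIENT_PRIVATE, cipher_text))
    print("other key reads:", decrypt(OTHER_PRIVATE, cipher_text))
```

Production systems use vetted libraries with large keys and padding schemes; the byte-by-byte encryption here exists only to keep the arithmetic visible.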

