a) Define contingency planning and outline the contents of a contingency plan.
b) In ensuring control over the IS department resources, the company can adopt physical or logical access controls. With appropriate examples, explain the two forms of control.
c) Define the following terms as they relate to information systems.
i) Hackers
ii) Viruses

  

Answers


Gregory
a) Contingency planning
A contingency is an unscheduled interruption of computing services that requires measures outside the day-to-day routine operating procedures. A contingency plan must provide for standby procedures to continue operations, recovery procedures to correct the breakdown and personnel management policies for the procedures.

Contents of a contingency plan include:
- Definition of responsibilities.
- Setting priorities.
- Back-up and standby arrangements.
- Communication with staff.
- Public relations.
- Risk assessment.

b) The two forms of control
Physical access control
This ensures intruders do not get near computer equipment or storage media.

Methods of controlling human access include:
- Personnel (security guards)
- Mechanical devices (lock and keys)
- Electronic identification (card swipe systems, keypad systems)

Logical access systems
These are controls designed to prevent those who have access to a terminal or computer from gaining access to data or software. A logical access system performs three operations when access is requested:
- Identification of the user.
- Authentication of the user identity.
- Check on user authority.

Logical access is accomplished through:
- Password systems
- Encryption
- Biometrics

Password systems
A password is a set of characters, which may be allocated to a user, terminal or facility, and which is required to be keyed into the system before further access is permitted. Passwords should be kept secret, changed regularly and should not be obvious.

Encryption
Data transmitted over telecommunication links or networks suffers three security dangers:
- Hardware faults.
- Unauthorised access by eavesdroppers.
- Direct intervention by an impostor who sends false messages down the line.

Encryption involves scrambling the data at one end of the line, transmitting the scrambled data and unscrambling (decrypting) it at the receiving end of the line.

Authentication involves making sure that the message has come from an authorised user by the addition of an extra identification field to the message.

Biometrics
Use of human biological features, e.g. retina, sound, to identify or authenticate individuals accessing the system.

c) Hackers and Viruses
A hacker is a person who attempts to invade the privacy of a system. A virus is a piece of software that invades programs or data, and which replicates itself and causes harm to data or the IS.

Viruses are written by programmers and are usually placed in:
- Free software.
- Pirated software.
- Games software.

Examples of viruses are:
- TROJANS. This is a program that, while visibly carrying out one function, secretly carries out another.
- WORM. This is a program that replicates itself inside a computer system.
- TRAP DOORS. These are undocumented entry points into the system to which malicious code can be attached.
- LOGIC BOMBS. These are pieces of code triggered by a certain event.
- TIME BOMBS. These are pieces of code triggered by a certain date.

Protection against viruses includes:
- Vaccine programs.
- Guarding against introduction of unauthorised software.
- Cleaning of disks before downloading.


Gregorymasila1 answered the question on March 28, 2018 at 12:38
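
The three operations a logical access system performs (identification, authentication, check on authority), combined with a password system, can be sketched as follows. This is an added example, not part of the answer above; the account names, passwords and right names are constructed for illustration, and PBKDF2 is one assumed choice of password hash.

```python
import hashlib
import hmac
import os

AUTH_FAILED = "denied: identification or authentication failed"
NOT_AUTHORISED = "denied: user lacks authority for this resource"
GRANTED = "granted"

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen account table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password: str, rights) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "rights": set(rights)}

# Constructed sample accounts (hypothetical users and rights).
ACCOUNTS = {
    "akinyi": make_account("correct horse battery", {"payroll:read"}),
    "otieno": make_account("blue-kettle-42-river", {"payroll:read", "payroll:write"}),
}
# Placeholder record so unknown user IDs cost the same work as known ones.
_DUMMY = make_account("unused", ())

def request_access(user_id: str, password: str, right: str) -> str:
    # 1. Identification: who does the requester claim to be?
    account = ACCOUNTS.get(user_id)
    # 2. Authentication: prove the claim. The hash is always computed and
    #    compared in constant time, and both failures return one message,
    #    so the reply does not reveal which user IDs exist.
    record = account if account is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if account is None or not matches:
        return AUTH_FAILED
    # 3. Check on authority: an authenticated user may still lack the right.
    if right not in account["rights"]:
        return NOT_AUTHORISED
    return GRANTED

if __name__ == "__main__":
    print(request_access("otieno", "blue-kettle-42-river", "payroll:write"))
    print(request_access("akinyi", "correct horse battery", "payroll:write"))
    print(request_access("akinyi", "guess", "payroll:read"))
    print(request_access("nobody", "unused", "payroll:read"))
```
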

