UNIVERSITY EXAMINATIONS: 2020/2021
EXAMINATION FOR THE DEGREES OF BACHELOR OF SCIENCE IN
APPLIED COMPUTING
BAC 3216: INFORMATION SYSTEMS SECURITY POLICY
FULLTIME/ PART TIME/DISTANCE LEARNING
DATE: DECEMBER, 2021 TIME: 2 HOURS
INSTRUCTIONS: QUESTION ONE IS COMPULSORY, CHOOSE TWO OTHER
QUESTIONS
QUESTION ONE (20 Marks) Compulsory
a) Using examples, explain the following:
(i) Risk [2
Marks]
(ii) Threat [2
Marks]
(iii) Vulnerability [2
Marks]
(iv) Threat actor [2
Marks]
(v) Asset [2
Marks]
b) Describe the different security policy types organizations can implement. [8
Marks]
c) Highlight the steps taken in performing due diligence for Information Systems security.
[2 Marks]
QUESTION TW0 (15 Marks)
a) Explain the importance of having a security policy in an organization. [5
Marks]
b) Discuss the steps in setting up a Business Continuity Plan. [10
Marks]
QESTION THREE (15 Marks)
a) Explain personnel security policies an organization should implement. [10
Marks]
b) Differentiate between (MTTR) and (MTTF) in reference to Risk Management. [4
Marks]
c) Describe a breach. [1Mark]
QUESTION FOUR (15 Marks)
a) Define Threat modelling and outline its steps. [10Marks]
b) Define two ways to measure and monitor if security controls are effective. [4 Marks]
c) Define cybercrime [1 Mark]
