BAC3216  INFORMATION SYSTEMS SECURITY POLICIES.

UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN APPLIED
COMPUTING
BAC3216 INFORMATION SYSTEMS SECURITY POLICIES
FULL TIME/PART TIME
DATE: AUGUST 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.

QUESTION ONE
a) Define the term residual risks. [2 Marks]
b) Explain the fundamental aspect of documenting risks via the process of risk assessment. [6 Marks]
c) Outline four risk mitigation strategy options. [4 Marks]
d) Discuss how organizations institutionalize their policies, standards and practices using
education, training and awareness programs. [6 Marks]
e) Explain the main components of an information system. [6 Marks]
f) List and explain the major protocols used for secure communication. [6 Marks]
QUESTION TWO
a) What is Cipher text? [2 Marks]
b) What are the approaches to implementing a firewall? [5 Marks]
c) What are the deliverables of the risk assessment process? [4 Marks]
d) Discuss the legal and ethical issues associated with information security. [6 Marks]
e) How do organizations determine if they are operating up to the required internal and
international standards? [3 Marks]
QUESTION THREE
a) State and explain the phases of security SDLC. [8 Marks]
b) Differentiate between vulnerabilities and threats. [2 Marks]
c) Discuss the various types of threats to information systems. [8 Marks]
d) Identify two strategies used to control risks. [2 Marks]
QUESTION FOUR
a) Discuss the strategies used to control risks. [8 Marks]
b) Discuss the various types of security policies implemented in an organisation. [8 Marks]
c) Briefly discuss the ISO standards that relate to information security policies. [4 Marks]
QUESTION FIVE
a) Explain the importance of organizations aligning themselves to the defined policies and ISO
standards. [6 Marks]
b) Discuss the different types of firewall systems. [4 Marks]
c) Discuss any three scanning and analysis tools used to implement a security policy. [6 Marks]
d) Explain the concept of a digital signature, indicating its importance. [4 Marks]
