UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN APPLIED
COMPUTING
BAC3216 INFORMATION SYSTEMS SECURITY POLICIES
FULL TIME/PARTTIME
DATE: AUGUST 2019 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE
a) Discuss the main elements making up information system. [6 Marks]
b) Expound on the major protocols used to secure communication. [6 Marks]
c) What are residual risks? [2 Marks]
d) How are risk mitigation strategies implemented options? [4 Marks]
e) Explain the fundamental aspect of documenting risks via the process of risk assessment.
[6 Marks]
f) Discus how organizations institutionalize its policies, standards and practiced using
education, training and awareness programs. [6 Marks]
QUESTION TWO
a) Why is it important for organizations to align to the defined policies and ISO standards?
[6 Marks]
b) What are different types of firewall systems. [4 Marks]
c) Discuss the tools used to implement a security policy [6 Marks]
d) Explain the concept of digital signature indicating its importance in security. [4 Marks]
QUESTION THREE
a) Identify two strategies used to control risks. [2 Marks]
b) Differentiate between vulnerabilities and threats. [2 Marks]
c) Examine the phases of security SDLC. [8 Marks]
d) Discuss the various types of threats to information systems. [8 Marks]
QUESTION FOUR
a) What is Cipher text? [2 Marks]
b) What are the approaches of implementing firewall? [5 Marks]
c) What are the deliverables of risk assessment process? [4 Marks]
d) Discuss the legal and ethical issues associated with the information security. [6 Marks]
e) How do organizations determine if they are operating up to the required internal and
international standards? [3 Marks]
QUESTION FIVE
a) Discuss the strategies used to control risks. [8 Marks]
b) Discuss the various types of security policies implemented in an organisation. [8 Marks]
c) Briefly discuss the ISO standards that relate to information security policies [4 Marks]
