BIT 3102 INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY– DISTANCE LEARNING KCA Past Paper

UNIVERSITY EXAMINATIONS: 2014/2015
ORDINARY EXAMINATION FOR THE BACHELOR OF SCIENCE
IN INFORMATION TECHNOLOGY
BIT 3102 INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY– DISTANCE LEARNING
DATE: DECEMBER, 2014 TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and any other TWO

QUESTION ONE
a) Describe briefly four types of programmed threats. (4 Marks)
b) Describe briefly the steps involved in implementing access control services.
(5 Marks)
c) Describe briefly the following security models:
(i) Bell LaPadula (BLP) model (2 Marks)
(ii) Biba model (2 Marks)
d) Discuss the problems associated with symmetric key algorithms. (6 Marks)
e) Knowing or estimating possible losses helps you select and apply the proper
safeguards based on both the probable impact of a disaster and the cost of
implementing the safeguards. In this regard discuss the safeguard selection
criteria. (6 Mark)
f) Outline briefly any five important factors to consider when choosing a firewall solution. (5 Marks
QUESTION TWO
a) Relations between encryption and signature methods became possible with the
“digitalization” of both and the introduction of the computational-complexity
approach to security.
(i) State the THREE requirements that a scheme for unforgeable signatures must possess. (3 Marks)
(ii) State the THREE requirements for a scheme that would perform message authentication. (3 Marks)
b). Cryptography is the study of the mathematical algorithms and functions used to
secure messages. These algorithms fall into two camps: restricted and open. Explain which of the above the algorithm is preferable and why you could
choose it. (6 Marks)
c). Discuss briefly the benefits and limitations of asymmetric key encryption.
(6 Marks)
d) Differentiate between cryptanalysis and cryptology. (2 Marks)
QUESTION THREE
a) Discuss briefly any five access control attacks that are directed against people.
(5 Marks)
b) Once security goals are in place, there are a number of concepts that can be
applied to reinforce security within your organization. Techniques such as
personnel management are critical components to strengthening organizational
security. Employing these techniques will help you increase security levels and
protect your information systems from intrusive, unauthorized access.
(i) When hiring a new employee, it is important to match the appropriate employee
with the applicable job and security responsibilities. Outline the Baseline hiring
procedures. (5 Marks)
(ii) From a security standpoint, what security benefit does mandatory vacations
provide? (2 Marks)
(iii) How is a sensitivity profiling developed and what is the benefit? (2 Marks)
(iv) How can you address the major considerations of sensitivity profiling for job positions? (2 Marks)
c) Define the following terminologies:
(i) Disaster Recovery Plan (DRP) (1 Mark)
(ii) Mandatory Access Control (MAC) (1 Mark)
(iii) Emanation (1 Mark)
(iv) Dumpster diving (1 Mark)
QUESTION FOUR
a) Explain briefly the five steps undertaken in risk analysis (5
Marks)
b) Discuss any five challenges faced by information technology support organizations (10 Marks)
c) In a non-electronic banking scenario, a customer, A, may write instructions to his
bank to transfer funds from his account to another customer B’s account. A third
party (messenger) delivers the instructions to the bank. Explain the integrity and
authentication concerns in this scheme and how they are typically addressed.
(5Marks)
QUESTION FIVE
a) Identify any six key security threats in the e-commerce environment. (7 Marks)
b) Discuss any four design principles for secure systems. (8 Marks)
c) Describe how public key encryption is used to establish the authenticity of a
message that is exchanged between two parties, say Alice and Bob. (5 Marks)

(Visited 89 times, 1 visits today)
Share this:

Written by