UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF MASTER OF SCIENCE IN
INFORMATION SYSTEMS MANAGEMENT/ MASTER OF SCIENCE IN
DATA COMMUNICATIONS
MDCN5201 MISM5201 INFORMATION SYSTEMS SECURITY
DATE: APRIL 2019 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE
a) Explain FIVE reasons why it is difficult to protect information resources. (5 Marks)
b) Explain why the top-down approach to information security is superior to the bottom-up
approach. (3 Marks)
c) In the context of information security, what are some advantages for an organization to
adhere to the requirements of a specific standard? What are some possible shortcomings of
standards in the context of information security? (5 Marks)
d) There are different types of encryption techniques. Explain FIVE characteristics that identify a
good encryption technique. (5 Marks)
e) Write short notes on: i) Risk Management; ii) Information Security Policy. (2 Marks)
QUESTION TWO
a) "Information security is a major concern for the software industry today, as the proportion of
internal threats is nearly 80%." Elucidate this statement and explain the various security
attacks. (7 Marks)
b) Distinguish between:
i.) A block cipher and a stream cipher. (2 Marks)
ii.) Symmetric and asymmetric encryption. (2 Marks)
c) Explain any FOUR techniques that can be used by an attacker to deduce the cryptographic
algorithm in use. (4 Marks)
QUESTION THREE
a) Discuss the legal and ethical issues associated with information security. (8 Marks)
b) Define contingency planning and explain how it differs from routine management
planning. Also list the components of contingency planning. (7 Marks)
QUESTION FOUR
a) List and describe the various risk mitigation strategy options. (6 Marks)
b) Company A and Company B are of similar size and are potential victims of cyber attacks. Company
A has implemented an ISMS and has good maturity in information security management,
whereas Company B has no ISMS in place and only ad-hoc information security
management.
i.) What is an Information Security Management System? (1 Mark)
ii.) Assuming that both companies became victims of cyber attacks and the damages were
equal, explain the possible differences, if any, in consequences and sanctions against
management of the companies. (3 Marks)
iii.) Explain FIVE of the biggest challenges in ISMS implementation. (5 Marks)