INFORMATION SYSTEMS SECURITY CAT

 MASAI MARA UNIVERSITY COM 2217-1:INFORMATION SYSTEMS SECURITY CAT 

(30 marks)                                                                                                    4th April 2024

1. Define Information systems security? (1 mark)

Information security is the protection of an organization's important information - digital files and data, paper document, physical media, even human speech - against unauthorized access, disclosure, use or alteration

2. Explain the term Exploit? (1 mark) An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a software "bug" or "glitch" in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic

3. What do you understand by the term attack? (1 mark)

attack is a set of actions performed by threat actors, who try to gain unauthorized access, steal data or cause damage to computers, computer networks, or other computing systems.

4. Give a brief description of technical hardware failures or errors? (2 marks)

A hardware error is a malfunction of a hardware component in a computer system. The hardware components contain error detection mechanisms that can detect when a hardware error condition exists. Hardware errors can be classified as either corrected errors, or uncorrected errors.

5. How can you explain vulnerability as used in systems security? (2 mark)

Vulnerability is a weakness which allows an attacker to reduce a system's information assurance.

6. What is meant by Distributed denial of service attack? (2 marks)

a denial-of-service attack is an attempt by attackers to keep users from accessing a networked system, service, website, application, or other resource which are launched at a target from multiple sources but coordinated from a central point

7. Explain the limitations of firewall (3 marks)

Firewalls cannot stop internal users from accessing websites with malicious code, making user education critical.

Firewalls cannot protect against the transfer of virus-infected files or software.

Firewalls cannot prevent misuse of passwords.

Firewalls cannot protect if security rules are misconfigured.

Firewalls cannot protect against non-technical security risks, such as social engineering.

8. Give a brief description of 2 different malicious code you are aware of. (2 mark)

• Virus

Attaches itself to program and propagates copies of itself to other programs

• Trojan horse

Contains unexpected, additional functionality

• Logic bomb

Triggers action when condition occurs

• Time bomb

Triggers action when specified time occurs

• Trapdoor

Allows unauthorized access to functionality

• Worm

Propagates copies of itself through a network

• Rabbit

Replicates itself without limit to exhaust resource

9. Provide the different functions that Information security performs for an organization. (4 mark)

Protecting the confidentiality of data.

Preserving the integrity of data.

Promote the availability of data for authorized use.

Proactively identify risks and propose viable mitigation steps.

Cultivate a proactive risk management culture.

10. What is the difference between the following terms as used in systems security: Integrity and efficiency (2 mark)

integrity is a concept and process that ensures the accuracy, completeness, consistency, and validity of an organization’s data while efficiency is a measure of how well a system performs its designated function using the available resources

11. Explain the following terms 

• Backdoor (1 mark) A backdoor in a computer system, is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected

• Worm  (1 mark) A worm is a program that spreads copies of itself through a network.

• Virus (1 mark)  Attaches itself to program and propagates copies of itself to other programs

12. What is intellectual property? (2 mark)

• Intellectual property is a broad categorical description for the set of intangible assets owned and legally protected by a company or individual from outside use or implementation without consent

13. How can institutions protect themselves from deliberate software attacks? (3 marks)

•  robust firewalls

•  antivirus software 

• intrusion detection systems (IDS)

14. What are the consequences of Technological obsolescence? (2 mark)

• Inability to support business

• Security vulnerabilities

• Lower IT flexibility

• Higher complexity

• Lack of skills and support from vendors