April 1999
SC223: COMPUTER SECURITY

QUESTION 3

Total Marks: 20 Marks

 Click here to access other questions

GRADE A
Sample student's solutions are indicated in green.
Return to Question 3

 
(a) List four security-related functions which are performed by an operating system. [4]
The four security-related functions which are performed by an operating system are:
  1. Authentication of users
  2. Protection of memory
  3. Inter-process communication and synchronization
  4. File and I/O device access control.

 
(b) (i) List two major goals associated with legal issues surrounding computer security. [2]
  • Protection of code and data
  • Protection of computing against criminal

 
(ii) Distinguish between the terms copyright and patent right. [4]
Copyright is designed to protect the expression of idea. It covers works of art, literature and writing. IT allows regular and free exchange if ideas.

Patent right is designed to protect the device or process that carrying out an idea, not the idea itself. It applies to the results of science, technology and engineering.

 
(c) (i) Distinguish between an internal auditor and an external auditor with regards to their responsibilities and scope of activities. [4]
Internal auditor has a high level role which aims at reporting the managerial effectiveness of the organization. The primary role is to check the system and procedures to see whether they are being enforced.

External auditors' primary function is to express an opinion on account procedures by an organization based upon examination of books and records. The external auditors is not responsible for the detection of fraud.

 
(ii) Describe three suspicious activities which one might encounter during a security audit. [6]
The 3 suspicious activities are :
  1. Account without password
    This is usually comes with the system or they might be set up for guest or demo. Anyone can login using such account.
  2. Account with easily guessed password
    These includes password selected by user, password associated with administrator or guest account. A malicious intruder may try to guess it and systematically crack it.
  3. Group account
    Accounts that allow multiple people to login is risky, If somebody uses account to break into the system, there's no way of telling who is responsible.