(a) The following are restatements of the concerns over preserving confidentiality, integrity, and availability of data. Explain each of them in brief with a suitable example.
1. Interruption [2]
2. Interception [2]
3. Modification [2]
4. Fabrication [2]
Interruption:
- An asset of the computer system becomes lost, unavailable, or unusable.
- e.g. malicious destruction of a hardware device, or erasure of a program or file.
Interception:
- An unauthorised party gains access to a computer asset.
- e.g. wiretapping to obtain data in a network.
Modification:
- An unauthorised party not only gains access to but also tampers with an asset.
- e.g. changing the values in a database, altering a program, etc.
Fabrication:
- Inserting spurious transactions into a network communication system, or adding records to an existing database.
(b) Provide any two reasons why an arbiter is not desirable in a protocol for exchange of secrets. [2]
- Sender and receiver may not be able to find a neutral third party
- Arbitration causes a time delay in communication
- Secrecy becomes vulnerable, because the arbiter has access to sensitive information
(Any two, 1 mark each)
(c) Suppose a program to print paycheques secretly leaks a list of names of employees earning more than a certain amount each month. List any three controls that could be instituted to limit the vulnerability of this leakage. [3]
- Do not leave the printer unattended
- Dispose of the draft copy and the printer ribbon that may disclose the characters printed
- Prevent unauthorised visitors or intruders
(1 mark each)
(d) In the context of computer security, explain the terms threat, vulnerability, and attack. [3]
Threat: a circumstance or occurrence that has the potential to cause harm, or affect the assets and resources of a system (1 mark)
Vulnerability: an unfortunate characteristic that makes it possible for a threat to be offered; a weakness in the security system that might be exploited (1 mark)
Attack: some action taken by a human, exploiting some vulnerability (1 mark)
(e) Provide any three examples of pest programs. [3]
- Trojan Horse
- Virus
- Worm
- Logic Bomb (any three, 1 mark each)
(f) Identify the three characteristics that make a good disaster plan. [3]
- Should make provision to test and refine the plan with regular training exercises
- Should make provision for maintenance and improvements when required
- Support from the top management should exist
(1 mark each)
(g) Explain the two major differences between written and digital signatures. [4]
A written signature is physically appended to a given document by means of paper that contains both message and signature (1 mark), whereas a digital signature is separate from the document being signed (1 mark).
A written signature is the same for all documents (1 mark), whereas a digital signature depends on the document being signed (1 mark).
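The two differences in (g), shown with a Lamport one-time signature built only from SHA-256. This is an added example, not part of the original answer key; the function names and the sample cheque text are constructed for illustration. The signature is a value held separately from the document, and it fails to verify when copied onto a different document:

```python
import hashlib
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(document: bytes):
    """The 256 bits of SHA-256(document), most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in _h(document) for i in range(8)]


def keygen():
    # Private key: 256 pairs of random secrets. Public key: their hashes.
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(_h(a), _h(b)) for a, b in private]
    return private, public


def sign(private, document: bytes):
    # Reveal one secret per digest bit, so the signature depends on the document.
    # A Lamport key must sign only ONE document; reuse leaks more secrets.
    return [private[i][bit] for i, bit in enumerate(_bits(document))]


def verify(public, document: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    return all(_h(s) == public[i][bit]
               for i, (s, bit) in enumerate(zip(signature, _bits(document))))


def demo():
    private, public = keygen()
    cheque = b"Pay A. Example 100.00"   # constructed sample document
    other = b"Pay A. Example 900.00"    # a different document
    sig = sign(private, cheque)         # detached: cheque bytes are not altered
    return {
        "original_verifies": verify(public, cheque, sig),
        "reused_on_other_document": verify(public, other, sig),
        "document_unchanged": cheque == b"Pay A. Example 100.00",
    }


if __name__ == "__main__":
    print(demo())
```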
(h) List any four possible consequences of the most common disasters that can strike a computer system. [4]
- The loss of vital business records
- The loss of communication systems
- The possible failure of computer security systems
- The inability to use important programs
Other answers are possible. (1 mark each)