August 2000
SC223 : COMPUTER SECURITY

QUESTION 5

Total Marks: 15 Marks

(a) Explain the two forms of Nonrepudiation services provided in networks. Also identify the lowest of the seven OSI layers to provide each service. [4]

(b) Risk Assessment is one of the major activities of risk analysis. It is further divided into six sub-activities. Identify and explain any three sub-activities. [6]

(c) Economic Assessment is considered an iterative process. Explain why. [2]

(d) Countermeasures are designed to support security objectives via prevention, detection and correction. Classify each of the following countermeasures into one of these three categories. [3]
(i) regular backups of data, stored offsite;
(ii) limiting access to computer facilities to authorised personnel;
(iii) smoke alarms throughout the installation.