(a) Explain the two forms of Nonrepudiation services provided in networks. Also identify the lowest of the seven OSI layers to provide each service. [4]
- The lowest layer to provide both services is the application layer. (1 mark)
- Or, in some cases, the presentation layer. (1 mark)
(b) Risk Assessment is one of the major activities of risk analysis. It is further divided into six sub-activities. Identify and explain any three sub-activities. [6]
- Define security perimeter
- System decomposition
- Identification of threat
- Threat rejection logic
- Determining vulnerability to threat
- Determining degree of risk
(Any three; 1 mark each for the activity identified and 1 mark each for a suitable explanation)
(c) Economic Assessment is considered an iterative process. Explain why. [2]
- Application of a single countermeasure may not eliminate the total risk. (1 mark)
- The process is repeated until the residual risk value is considered to be at an acceptable level. (1 mark)
(d) Countermeasures are designed to support security objectives via prevention, detection and correction. Classify each of the following countermeasures into one of these three categories. [3]
(i) regular backups of data, stored offsite;
Ans: Correction
(ii) limiting access to computer facilities to authorised personnel;
Ans: Prevention
(iii) smoke alarms throughout the installation.
Ans: Detection