Subject Title: ICT Revision Kit
TOPIC: Data security
April 2022 Question One B
Explain the following terms as applied to data security in e-commerce.
(i) Privacy. 2 marks)
(ii) Integrity. (2 marks)
(iii) Authentication. (2 marks)
(iv) Non-repudiation. (2 marks)
April 2022 Question Three B
It is possible to lose a laptop, a mobile phone or a flash disk.
Discuss four ways you could protect the data in your device to minimise data breach.
April 2022 Question Four A
Discuss the importance of information security policies. (5 marks)
April 2022 Question Six C
Assess three benefits of data backup and recovery procedures in a business. (6 marks)
November 2019 Question One B
Examine how the following security risks affect companies that have established e-commerce operations:
i. Creation of counterfeit sites.
ii. Malicious alterations to websites.
iii. Unauthorised access to sensitive information.
iv. Denial of service.
November 2019 Question Five A
Assess six logical controls which could be instituted by a business to secure it from losing money through electronic fraud.
May 2019 Question Four C
Cherry Wanja has been assigned the task of preparing a contingency and disaster recovery plan for technological and automated systems of the organisation she works for.
Outline two purposes of the plan during the following moments of a disaster:
May 2019 Question Seven B
When assessing risks facing an information system, one would need to consider the impact, likelihood and urgency.
With regard to the above statement, explain:
November 2018 Question Four B and C
Suggest five reasons why voice input could be used as a reliable form of security in management information systems.
Outline three examples of computer crimes in each of the following categories:
i. Crimes that target computer networks directly.
ii. Crimes facilitated by computer networks.
November 2018 Question Five A (ii) and (iii)
Safeland Ltd. is a transport and logistics company operating in the East African region. The management of Safeland Ltd. has decided that the company no longer requires a head office and its strategic aim is to become a virtual organisation.
Describe three measures that could be adopted to ensure that the information held by the organisation remains secure.
Analyse five benefits of having a disaster recovery plan implemented for management information system in Safeland Ltd.
May 2018 Question Two A (ii)
Differentiate between the following terminologies as used in management information systems:
“Loss of infrastructure” and “denial of service”.
May 2018 Question Four A and B
a) The ICT Manager of Usalama Ltd. is concerned about the security of the organisation’s information. He has proposed that all the current passwords be changed into more secure passwords.
Highlight six guidelines that must be followed to ensure that the new passwords cannot be easily cracked.
b) You have been asked to prepare a document on disaster recovery.
In the context of Information Communication Technology (ICT) risk management, propose three items that you would include in the document.
May 2018 Question Five C
Suggest four reasons why it is necessary for an organisation to backup its data
May 2018 Question Six D
Debrix Company has installed a biometric system to control access to its offices.
Highlight examples of biometric data that could be used in such a system.
November 2017 Question One D
A fast growing organisation has information systems that have so for not failed. Before increasing its reliance on information communication technology (ICT), the organisation’s insurer has advised the organisation to carry out a risk analysis and then plan what to do.
(i) Explain what is meant by “risk analysis”.
(ii) Outline four criteria that could be used to select a disaster contingency plan.
November 2017 Question Three A
The security of information technology and the security of data are the two major aspects of information systems security.
Explain what each type of security above entails.
(ii) Summarise six ways of guaranteeing information security in an organisation.
November 2017 Question Five B
The top management of your company has decided that they no longer require a head office and their strategic aim is to become a virtual organisation.
However, the company’s auditors have raised concerns that information held in the virtual company would lack security.
Examine five measures that the management could adopt to ensure that the information held in the virtual platform is secure.
November 2017 Question Seven A
With the aid of an example, distinguish between “project risk” and “business risk”.
Identify two factors used in evaluating risk exposure and how each of these factors might be assessed qualitatively.
May 2017 Question Three B
There are many types of actors who pose risks to businesses via information communication technology (ICT) assets.
Examine five types of actors who could pose risks to an organisation through its ICT assets.
May 2017 Question Six D
Explain the concept of “disaster recovery planning” as used in information communication technology risk management.
May 2017 Question Seven C
Describe the main components that should be included in the organisation’s framework report for improving systems security and control
November 2016 Question One B
Every organisation needs controls that ensure protection of the organisation’s assets, accuracy and reliability of its records and operational adherence to management standards.
Distinguish between the following types of controls used in a computerised information system:
(i) “General controls” and “application controls”.
(ii) “Administrative controls” and “data security controls”.
(iii) “Input controls” and “output controls”.
November 2016 Question Three B
Information communication technology (ICT) risk actions are of two types, that is, “avoidance actions” and “mitigation actions”.
Citing examples where each of the risk actions might be employed, evaluate the relationship between avoidance actions and mitigation actions.
November 2016 Question Six C and D
c) In securing an information system you seek to safeguard against loss of confidentiality, integrity and availability.
Explain the following terms:
(1) Loss of confidentiality.
(ii) Loss of integrity.
(iii) Loss of availability
d) Businesses have come to rely on email as a means of communication.
Explain how email security packages protect against spam
May 2016 Question One B
Explain why the use of ICT risk management techniques is becoming increasingly important in managing information systems.
November 2015 Question Four A
Analyse two major aspects of information system security.
Explain three aspects of guaranteeing effective information system security
November 2015 Question Six B
Enumerate six significant information systems security challenges to a business organisation.
Highlight three capabilities of authentication that could make it overcome information systems security threats.
Pilot paper 2015 Question Three C
Explain sequentially the steps taken during the information systems risk assessment process.
Pilot paper 2015 Question Six A
Corporate governance in information and communication technology (ICT) requires that management plan, control, evaluate and monitor current and future use of information systems.
In light of the above statement:
i. Highlight four specific objectives that must be met in order to provide reasonable assurance of the security of information systems.
ii. Explain four ways in which management policy and controls can be used to safeguard information systems in an organisation.