SECTION B: SHORT ANSWER QUESTIONS (30 MARKS)
1. What are the four types of security threats you understand? (4 marks)
- Hackers
- Industrial espionage
- Employee sabotage
- Fraud and theft
- Loss of physical and infrastructure support.
- Errors and omission.
2. Why is security threats categorized according to risk impact? (2 marks)
- Analysing possible threats.
- By analysing systems vulnerability.
3. How is security measures selected in an organization? (2 marks)
- According to ICT security policy.
- According to organization internal security policy.
4. What do you understand by the term security threats? (2 marks)
- Malicious act or elements that seek to damage/steal data or disrupt digital life.
5. What are the 3 security control measures? (3 marks)
- Preventive
- Detective
- Responsive
6. In your understanding, what are any 4 ICT security policy? (4 marks)
- Acceptable use of ICT resources.
- Information classification.
- Personal information on collection, holding and usage.
- Physical security of ICT resources.
7. What is ICT security policy? (2 marks)
- A document that has a set of rules enacted by an organization to ensure that all users or networks abide by prescription on security of data.
8. How is security systems performance evaluated? (3 marks)
- Define the threat and collect its data.
- Identify feasible solutions.
- Select the best solution and determine whether its working
9. Where are ICT security policies set? (2 marks)
- Organizational level
- Acts of parliament
- UN policies on Information security
10. What are the principles of ICT security policies? (4 marks)
- Confidentiality
- Integrity
- Availability
- Privacy
11. When are ICT security policies put in Kenya gazette? (2 marks)
- After the president accents an act of parliament into law.
12. Malkia is an editor in a company that wants to test their systems using a hacker.
What major test should the hacker carry out? (1 mark)
- Validation of input data to test integrity.
13. Youve been using a computer that is vulnerable to hacking, give two reasons for this? (2 marks)
● You observe unexpected software installed.
● Your mouse moves between programs and makes selections.
14. How would you tell that an organization is undergoing security threats on their systems? (4 marks)
- Physical damage.
- Loss of essential services.
- Compromise of information.
- Technical failures.
- Compromise of functions: abuse of rights .
15. As an intern in an organization dealing with census data, how would you advise on protection of big data? (3 marks)
- Protect authentication gateways.
- Use latest antivirus protection.
- Schedule periodic audits.
- Encrypt data both at rest and motion.
SECTION C: EXTENDED RESPONSE QUESTIONS (50 MARKS)
1. After finishing this unit, TVET invites you to talk about ICT security threats control. What are the main steps that must be undertaken in curbing ICT security threats? (10marks)
- Security threat is a potential cause of an incident that may result in harm of systems and organization e.g. objects and human.
- Security measures are enforced to prevent the threats e.g. firewall and use of strong passwords.
- ICT security policies are formulated either at organizational level or as per act of parliament to guide the measures taken.
- Information systems are made up of both physical and logical resources which vulnerability to attacks should be considered on both sides.
- Tests are carried out to assess he security plan put in place.
- Performance of the security systems is evaluated.
2. As an employee in a firm dealing with Information Systems, there are 5 things you are not expected to do. Come up with any 5 (10marks)
- Use of weak passwords.
- Use of systems without installing latest antivirus.
- Lack of having regular audits on the system usage.
- Granting all users same rights.
- Not having secured measures between offline and online platforms e.g. firewall.
- Disclosing information to members outside the organization.
- Manipulating information to interfere with its integrity.
- Sabotaging information flow e.g. through intentional breakdown of the system.
- Physical damage of information systems.
3. In ICT security measures are chosen based on threats. Discuss these measures (10 marks)
- Use strong passwords.
- Control access e.g. user level rights and privileges.
- Update programs and systems regularly.
- Carry out penetration tests to diagnose loopholes.
- Raise awareness to employees on need of keeping data safe.
- Backup data in offline storage.
- Use security software e.g. anti-spyware.
4. Kenya as a country has obstacles in controlling ICT security threats. What are these obstacles? (10 marks)
- Lack of ICT security legal and regulatory framework.
- Lack of information security awareness and persistent information security culture.
- Lack of specific sector policies e.g. education.
- Reliance on imported hardware and software.
- Lack of a child online protection framework.
- Lack of necessary knowledge, information security professionals and skills within government body.
- Resistance to change especially in public sector.
- Inadequate fund allocation to ICT security systems.
- Inadequate standards and maturity models for ICT security.
5. Assuming the government has invited you to lecture on how to overcome obstacles in 4 above, come up with illustrated highlights of the lecture. (10marks)
- Introduction of ICT security legal and regulatory framework.
- More fund allocation to ICT security systems.
- Coming up with more standards and maturity models for ICT security.
- Introduction of necessary knowledge, information security professionals and skills within government body.
- Reliance on imported hardware and software.
- Introduction of a child online protection framework.
- Introduction of specific sector policies e.g. education.
- Embracing change especially in public sector.
- Introduction of information security awareness and persistent information security culture.