Question Tag: Network Security

Search 500 + past questions and counting.
Professional Bodies Filter
Program Filters
Subject Filters
More
Tags Filter
More
Check Box – Levels
Series Filter
More
Topics Filter
More
  • 10 Marks

BMIS – May 2019 – L1 – Q6a – Introduction to information technology and information systems

Identify and explain controls for network and communication security.

In a sophisticated business environment, computer systems are exposed to security risks that threaten the security and integrity of both the system and the data held in it. The risks associated with hackers, eavesdroppers, and viruses can be minimized through a variety of controls that provide network and communication security.

Required:
Identify FIVE (5) controls that can provide network and communication security and comment on each one of them. (10 marks)

Controls for Network and Communication Security

  1. Anti-virus software:
    Anti-virus software, such as McAfee or Norton, searches systems for viruses and removes them. These programs include an auto-update feature that downloads profiles of new viruses, enabling the software to check for all known or existing viruses. Very new viruses may go undetected by anti-virus software until the software vendor updates their package and the organization installs the update.
  2. Firewall:
    External email links can be protected by a firewall, which may be configured to virus-check all messages and may also prevent files of a certain type, such as .exe files, from being sent via email. Firewalls can be implemented in both hardware and software, or a combination of both, and they disable part of the telecoms technology to prevent unauthorized intrusions.
  3. Encryption:
    Data transmitted across telecommunications links is exposed to the risk of being intercepted or read during transmission, known as ‘eavesdropping.’ Encryption reduces this risk by scrambling the data at one end of the line, transmitting the scrambled data, and unscrambling it at the receiver’s end of the line. A person intercepting the scrambled data is unable to make sense of it.
  4. Electronic signatures:
    Electronic signatures can be provided using public key (or asymmetric) cryptography. Public key cryptography uses two keys: public and private. The private key is only known to its owner and is used to scramble the data contained in a file. The received ‘scrambled’ data is checked against the original file using the public key of the person who signed it.
  5. Authentication:
    Authentication ensures that a message has come from an authorized sender by adding extra data in a form previously agreed upon between the sender and recipient.
  6. Dial-back security:
    Dial-back security operates by requiring the person wanting access to dial into the network and identify themselves first. The system then dials the person back on their authorized number before allowing access.

(6 points well explained @ 1.67 marks each = 10 marks)

  • 10 Marks

BMIS – Nov 2023 – L1 – Q5a – The internet, cloud computing, IS security and blockchain

Explain five controls that an organization can adopt to provide security for its computer systems and stored data.

Computer systems are increasingly being exposed to security risks which threaten the security and integrity of the systems and data storage. The good news however is that these risks can greatly be minimised through a variety of controls which provide network and communication security.

Required: Explain FIVE (5) controls which could be adopted by an organisation to provide security for its computer systems and data stored.

Controls to Minimize Risks to Computer Systems and Data i) Authentication – This is the process which enables the computer system to confirm that the person trying to gain access into the system has the authority to do so by requesting some specific information before the system opens up.

ii) Encryption – Encryption is used to reduce the risk of data transmitted across communication links being intercepted or read by unauthorized persons. It involves scrambling the data at one end of the line, transmitting the scrambled data and unscrambling it at the receiver’s end of the line so that a person who intercepts the scrambled data cannot make any meaning out of it.

iii) Regular audit – The organization must conduct periodic information system audit on its database management system to ascertain if there is any attempted intrusion.

iv) Intrusion detection system – This software monitors systems and network resources and promptly alerts the company’s network security staff when it senses a possible intrusion so that preventive measures are put in place.

v) Anti-virus software – It searches the system for viruses and removes them. Anti-virus programmes include an auto-update feature which downloads profiles of new viruses, enabling it to check for all existing or known viruses.

vi) A Firewall – External email links can be protected by way of a firewall that may be configured to virus check all messages, and may also prevent files of a certain type being sent via email. A firewall disables part of the telecoms technology to prevent unauthorized entry.

vii) Restrictions – The organization can also restrict physical access to its servers and mainframe computers by some persons in order to check crimes.

  • 10 Marks

BMIS – April 2022 – L1 – Q5b – The internet, cloud computing, IS security and blockchain

Explain four measures to prevent the repetition of a hacking incident in a company’s network.

You are the Chairman of a committee appointed by the Management of your company to investigate the recent hacking of the firm’s computer network and consequent loss of very sensitive information, which disrupted operations for some days.

Required:
State and explain FOUR (4) measures which can be put in place to forestall the repetition of such an incident in the future. (10 marks)

Preventive Measures Against Network Hacking:

  1. Encryption:
    Encryption converts sensitive information into a secret code that can only be decrypted by authorized users with the correct key. This ensures that even if hackers gain access to the data, they cannot read or use it without the decryption key. Implementing strong encryption protocols for data storage and transmission is essential for protecting sensitive information.
  2. Intrusion Detection System (IDS):
    An IDS monitors network traffic for suspicious activities or potential security breaches. It alerts the security team in real-time when it detects any unusual behavior, enabling them to respond promptly to prevent or mitigate a hacking attempt. Regular updates and maintenance of the IDS are crucial for its effectiveness.
  3. Biometric Systems:
    Biometric systems use unique physical characteristics, such as fingerprints, facial recognition, or iris scans, to authenticate users. These systems provide a higher level of security compared to traditional password-based methods, as they are much harder to replicate or steal. Implementing biometric authentication can significantly reduce unauthorized access to the network.
  4. Periodic Audits:
    Regular information systems audits help identify vulnerabilities in the network and ensure that security protocols are up to date. These audits can uncover weaknesses that hackers might exploit, allowing the company to address them before a breach occurs. Audits should be conducted by both internal teams and external cybersecurity experts for a comprehensive assessment.
  5. Firewall Installation:
    A firewall acts as a barrier between the company’s internal network and external threats. It filters incoming and outgoing traffic based on predefined security rules, blocking unauthorized access while allowing legitimate communication. Installing and properly configuring firewalls can prevent many types of cyberattacks.
  6. Access Restrictions:
    Limiting physical and network access to sensitive systems and data to only those employees who absolutely need it reduces the risk of internal and external breaches. Implementing multi-factor authentication (MFA) and regularly updating access controls are also effective measures in securing the network.
  • 10 Marks

BMIS – May 2016 – L1 – Q7b – The internet, cloud computing, IS security and blockchain

State five measures that can be put in place to prevent hacking of a company’s computer network.

Your company’s computer network was recently hacked into by fraudsters, stealing sensitive information. This has affected the credibility of the company. State FIVE measures that can be put in place to prevent a repetition of such an incident in the future.

i) User Authentication: This process ensures and confirms that the person trying to access the system has the right to do so by requesting certain information before the system opens up. It may request a username and a password.

ii) Encryption: With this, any information that is saved or being transmitted is converted from plain code into cipher text or a secret code that can be decrypted using a special code by the recipient of such information.

iii) Restrictions: The company can also restrict physical access to its servers and mainframe computers by some people in order to prevent crimes.

iv) Regular Audits: The company must regularly conduct information systems audits on its database management systems to check whether there is an attempted intrusion.

v) Biometric Systems: The company can also install computer systems that use a person’s traits to detect differences by comparing them to stored data.

vi) Public Key Infrastructure (PKI): This enables the firm’s users of unsecured public networks, such as the internet, to securely and privately exchange data through the use of a private and public cryptographic key pair that is obtained and shared through a trusted partner.

vii) Intrusion Detection System: This software monitors systems and network resources and notifies the company’s network security personnel when it senses a possible intrusion in order to put in preventive measures.

Take control of your business data with insight and in-depth understanding by taking this course. 

Services

Contact Info

  • +233203701923
    +233543919232
  • info@noohrabusiness.com

Get In Touch

Follow us on our social media and get daily updates.

Facebook-f Twitter Linkedin-in Envelope