Topic: The Internet, Cloud Computing, IS Security and Blockchain


Your company’s website has been shut down as a result of a cyber-attack.

Required:
Explain SEVEN (7) types of attacks that might have caused the shutdown. (10 marks)

Types of Cyber-Attacks That Might Cause Website Shutdown

  1. Identity Theft:
    This occurs when an imposter obtains key pieces of employees’ identity information in order to impersonate them. The information could then be used to obtain credit, merchandise, or services in the name of the victims. The company may shut down the website upon detection of such activity to take the necessary corrective actions.
  2. Hacking:
    This is unauthorized access to information on the company’s website. Hackers might monitor employees’ emails or file transfers to extract passwords or steal files or information for their personal use.
  3. Phishing:
    Phishing involves an individual attempting to obtain secured and sensitive information from users of the company’s website for malicious personal use. When such activity is detected, the website may be shut down so that the necessary corrective measures can be taken and devices installed to prevent similar attacks in the future.
  4. Electronic Spamming (Spams):
    This involves the sending of unsolicited messages to the company’s email users. Spamming can cause data jams and potentially trigger a shutdown if the website has been programmed to do so as a protective measure. Spams may contain executable files that can cause damage to the company’s website.
  5. Virus or Worms:
    A virus is a computer program that replicates and transfers itself to other computer programs, causing destruction to the programs and files in the company’s website. Worms are parasitic programs that operate unaided, replicating and spreading themselves with the goal of consuming resources and causing system failures. Both can lead to a website shutdown.
  6. Denial of Service (DoS) Attack:
    This type of attack floods the company’s website with an overwhelming amount of traffic, making it inaccessible to legitimate users. The overload can cause the server to crash, resulting in a shutdown of the website.
  7. SQL Injection:
    This attack targets the company’s website database, allowing attackers to execute malicious SQL statements. This can lead to unauthorized access to data, data breaches, and potentially shutting down the website to prevent further damage.

(7 points @ 1.43 marks each = 10 marks)
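
To make point 7 concrete, the sketch below is an added example (not part of the original answer) showing the weak pattern that lets user input become part of a SQL statement, next to the parameterised form that prevents it. The table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("Ama", "ama@example.com"),
         ("Kofi", "kofi@example.com"),
         ("Esi", "esi@example.com")],
    )
    return db

def lookup_vulnerable(db, name):
    # Weak: the visitor's text is pasted into the SQL statement, so quote
    # characters inside it become part of the query itself.
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Hardened: the ? placeholder passes the text as a bound value, so the
    # database only ever compares it with the name column.
    return db.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()

# Constructed input that contains SQL syntax instead of a plain name.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input :", lookup_vulnerable(db, "Ama"))
    print("vulnerable, crafted input:", lookup_vulnerable(db, CRAFTED))
    print("safe, crafted input      :", lookup_safe(db, CRAFTED))
```

With the concatenated query the crafted input returns every row in the table; with the bound parameter it matches no customer and returns nothing.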

Computer systems are increasingly being exposed to security risks which threaten the security and integrity of the systems and data storage. The good news, however, is that these risks can be greatly minimised through a variety of controls which provide network and communication security.

Required: Explain FIVE (5) controls which could be adopted by an organisation to provide security for its computer systems and data stored.

Controls to Minimize Risks to Computer Systems and Data

i) Authentication – This is the process which enables the computer system to confirm that the person trying to gain access into the system has the authority to do so by requesting some specific information before the system opens up.

ii) Encryption – Encryption is used to reduce the risk of data transmitted across communication links being intercepted or read by unauthorized persons. It involves scrambling the data at one end of the line, transmitting the scrambled data and unscrambling it at the receiver’s end of the line so that a person who intercepts the scrambled data cannot make any meaning out of it.

iii) Regular audit – The organization must conduct periodic information system audits on its database management system to ascertain if there is any attempted intrusion.

iv) Intrusion detection system – This software monitors systems and network resources and promptly alerts the company’s network security staff when it senses a possible intrusion so that preventive measures are put in place.

v) Anti-virus software – It searches the system for viruses and removes them. Anti-virus programmes include an auto-update feature which downloads profiles of new viruses, enabling it to check for all existing or known viruses.

vi) A Firewall – External email links can be protected by way of a firewall that may be configured to virus-check all messages, and may also prevent files of a certain type from being sent via email. A firewall disables part of the telecoms technology to prevent unauthorized entry.

vii) Restrictions – The organization can also restrict physical access to its servers and mainframe computers by some persons in order to check crimes.

a) Distinguish between data and information.
(2 marks)

b) Explain the steps involved in converting data into information.
(10 marks)

c) Identify and explain FOUR essential qualities of information.
(8 marks)

a) Distinction Between Data and Information:

  • Data consists of raw, unprocessed facts and figures, whereas Information refers to data that has been processed in a way that makes it meaningful for planning or decision-making purposes.
    (2 marks)

b) Steps Involved in Converting Data into Information:

  • Data Gathering: The first step involves gathering data from both internal and external sources.
  • Data Evaluation: In this stage, the collected data is examined and filtered so that irrelevant data is ignored or deleted.
  • Data Analysis: The data is compared with a standard or yardstick, such as comparing actual results with budgets.
  • Interpretation: This stage involves considering, interpreting, and adding meaning to the data, such as explaining why actual results differ from expected outcomes.
  • Distribution: The processed information (processed data) is then distributed to those who require it in the amount and manner they need to perform their jobs.
    (10 marks)

c) Essential Qualities of Information:

  • Accuracy: Information must be reliable, with only facts and figures that add up, and assumptions clearly stated.
  • Completeness: Information should include everything relevant to the decision being considered while avoiding excessive details.
  • Cost-Effectiveness: The cost of obtaining information should not exceed the benefits derived from its use, with efficient collection, analysis, and clear presentation.
  • Understandability: Information should be easy to read and understand so that users can act on it effectively.
    (8 marks)

Computer systems are exposed to security risks that threaten the security and integrity of both the system and data held in it. These threats are becoming increasingly sophisticated and seem to multiply by the day, resulting in endless headaches for IT professionals.

With each new piece of technology arriving on the scene, a security threat seems to accompany it. The key for IT is to constantly evaluate current security measures and policies to identify any shortcomings that may be exposing the company to risk.

Required: Explain THREE main risks that threaten security and integrity of systems and data held in them and TWO ways to minimize such risks. (10 marks)

Security Risks:

  1. Hackers and Eavesdroppers: They attempt to gain unauthorized access to computer systems. This may include efforts to damage a system or steal information. Data transmitted across telecommunications links is vulnerable to interception or examination during transmission (eavesdropping).
  2. Viruses: These can destroy information or data. Viruses are malicious programs that can replicate themselves and spread to other systems, causing significant harm.
  3. Denial of Service Attack: This involves an organized attack where excessive volumes of information are deliberately sent to a server to slow it down or hinder its functions, effectively preventing legitimate users from accessing the service.

Ways to Minimize Risks:

  1. Antivirus Software: This is used to prevent, detect, and remove viruses, ensuring the system is protected against malicious attacks.
  2. Firewalls: Firewalls can be implemented to check and control the inflow of files into the system, preventing harmful files from entering and affecting the system.

SoEasy is a medium-sized firm in the detergent manufacturing sector. It started operations in 2008 and its customer base is quite large, comprising both foreign and local firms and individuals.

In July 2012, the management of SoEasy approved the automation of its operations using an off-the-shelf package. Around May 2013, a number of defects and problems were identified with the software. The local agents of the software providers were accordingly invited for a discussion and solution of the defects and problems.

The management of SoEasy directed that to save time, the agents should quickly do the fixes on their own for normal operations to continue.

After the agents reported they had completed their job, operations continued without any tests being performed. Two months later, operations nearly came to a halt because of software issues.

Required:
a) Explain how the software should have been acquired and the bugs (software errors) corrected. (10 marks)
b) Advise the management of SoEasy on the way software defects and problems should have been handled in the future. (10 marks)

a) Software Acquisition:

  • SoEasy ought to have ascertained its exact software needs before taking steps to acquire the package.
  • Having identified the package, SoEasy should have carried out a thorough user acceptance test to ensure the software needs were met.
  • SoEasy staff ought to have been sufficiently trained in the use of the software. This training would have been conducted by the agent, a normal component of software acquisition. (5 Marks)

Clearing Software Bugs:

  • An elaborate software maintenance contract should have been entered into between SoEasy and the agents.
  • SoEasy staff should have been fully involved in the software amendment process.
  • Thorough tests (regression tests) should have been carried out by the agents with the participation of user staff to ensure the amendments were properly done and that the resulting programs would work flawlessly. (5 Marks)

b) Future Handling of Software Defects and Problems:

  • Any software maintenance contract in existence should be reviewed to ensure it doesn’t favor only one party.
  • In the future, all software issues should be properly documented and forwarded to the Information Systems (IS) Manager if there is one, or to a manager nominated for the purpose.
  • The documented issues should then be discussed with an IS steering committee.
  • The approved documentation should then be passed on to the Chief Systems Analyst for discussion with his/her team of analysts.
  • Competent programmers and other user staff should then be trained to work on the issues in conjunction with the agents.
  • Regression tests should be carried out on any amended programs to ensure that the amendment exercises have not created new problems.
  • The amended programs should be fully documented, and this documentation should replace any existing ones. (10 Marks)

Total: 20 Marks

You are the Chairman of a committee appointed by the Management of your company to investigate the recent hacking of the firm’s computer network and consequent loss of very sensitive information, which disrupted operations for some days.

Required:
State and explain FOUR (4) measures which can be put in place to forestall the repetition of such an incident in the future. (10 marks)

Preventive Measures Against Network Hacking:

  1. Encryption:
    Encryption converts sensitive information into a secret code that can only be decrypted by authorized users with the correct key. This ensures that even if hackers gain access to the data, they cannot read or use it without the decryption key. Implementing strong encryption protocols for data storage and transmission is essential for protecting sensitive information.
  2. Intrusion Detection System (IDS):
    An IDS monitors network traffic for suspicious activities or potential security breaches. It alerts the security team in real-time when it detects any unusual behavior, enabling them to respond promptly to prevent or mitigate a hacking attempt. Regular updates and maintenance of the IDS are crucial for its effectiveness.
  3. Biometric Systems:
    Biometric systems use unique physical characteristics, such as fingerprints, facial recognition, or iris scans, to authenticate users. These systems provide a higher level of security compared to traditional password-based methods, as they are much harder to replicate or steal. Implementing biometric authentication can significantly reduce unauthorized access to the network.
  4. Periodic Audits:
    Regular information systems audits help identify vulnerabilities in the network and ensure that security protocols are up to date. These audits can uncover weaknesses that hackers might exploit, allowing the company to address them before a breach occurs. Audits should be conducted by both internal teams and external cybersecurity experts for a comprehensive assessment.
  5. Firewall Installation:
    A firewall acts as a barrier between the company’s internal network and external threats. It filters incoming and outgoing traffic based on predefined security rules, blocking unauthorized access while allowing legitimate communication. Installing and properly configuring firewalls can prevent many types of cyberattacks.
  6. Access Restrictions:
    Limiting physical and network access to sensitive systems and data to only those employees who absolutely need it reduces the risk of internal and external breaches. Implementing multi-factor authentication (MFA) and regularly updating access controls are also effective measures in securing the network.

Your company’s computer network was recently hacked into by fraudsters, stealing sensitive information. This has affected the credibility of the company. State FIVE measures that can be put in place to prevent a repetition of such an incident in the future.

i) User Authentication: This process ensures and confirms that the person trying to access the system has the right to do so by requesting certain information before the system opens up. It may request a username and a password.

ii) Encryption: With this, any information that is saved or being transmitted is converted from plain code into cipher text or a secret code that can be decrypted using a special code by the recipient of such information.

iii) Restrictions: The company can also restrict physical access to its servers and mainframe computers by some people in order to prevent crimes.

iv) Regular Audits: The company must regularly conduct information systems audits on its database management systems to check whether there is an attempted intrusion.

v) Biometric Systems: The company can also install computer systems that use a person’s traits to detect differences by comparing them to stored data.

vi) Public Key Infrastructure (PKI): This enables the firm’s users of unsecured public networks, such as the internet, to securely and privately exchange data through the use of a private and public cryptographic key pair that is obtained and shared through a trusted partner.

vii) Intrusion Detection System: This software monitors systems and network resources and notifies the company’s network security personnel when it senses a possible intrusion, so that preventive measures can be put in place.
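
The monitor-and-alert behaviour described for an intrusion detection system can be sketched as follows. This is an added example, not part of the original answers; the log format, the threshold of five failures in sixty seconds and the function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: timestamp, source address, user, outcome.
SAMPLE_LOG = """\
2024-03-01T09:00:01 198.51.100.7 admin FAIL
2024-03-01T09:00:03 198.51.100.7 admin FAIL
2024-03-01T09:00:04 192.0.2.10 akua OK
2024-03-01T09:00:06 198.51.100.7 root FAIL
2024-03-01T09:00:09 198.51.100.7 admin FAIL
2024-03-01T09:00:11 198.51.100.7 admin FAIL
2024-03-01T09:05:00 192.0.2.10 akua FAIL
2024-03-01T09:30:00 192.0.2.10 akua OK
"""

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source that reaches `threshold` failed logins
    inside a sliding time window (assumed rule, chosen for illustration)."""
    recent = defaultdict(deque)  # source -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than stop monitoring
        stamp, source, _user, outcome = parts
        if outcome != "FAIL":
            continue
        when = datetime.fromisoformat(stamp)
        failures = recent[source]
        failures.append(when)
        # Drop failures that have aged out of the sliding window.
        while when - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold and source not in alerted:
            alerted.add(source)
            alerts.append({"source": source, "failures": len(failures), "at": stamp})
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print("ALERT:", alert)
```

A single mistyped password from a normal user stays below the threshold, while the burst of failures from one address raises exactly one alert for the security staff to act on.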