Question One: Basic security concepts and terminology
Computer security is the protection of computer systems and the information infrastructure. Threats can originate from various sources. Describe 2 categories of threats, and provide examples (Answer should not exceed 6 lines).
Question Two: Information Security Models ( 6 marks)
The spheres of security, sphere of use and sphere of protection, illustrate the different sources which constitute risks to information, as well as the layers of defense. Describe 3 layers in the sphere of protection model and describe how those 3 layers can help in protecting the information. (Answer should not exceed 6 lines), (Answer should not exceed 6 lines).
Question Three: Security Planning
Security planning involves developing information security plans for any organization. Incident Response (IR), Disaster Recovery (DR), and Business Continuity (BC) are usually developed and used by organizations. Explain both the Business Continuity, and Disaster Recovery planning concepts, and include at least 5 sections (headings) from each plan. (Answer should not exceed 6 lines),
1.THE TWO CATEGORIES OF THREATS ARE:1.MALWARE 2.TROJANS
Malware. Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system.
Trojans. Named after the Trojan Horse of ancient Greek history, the Trojan is a type of malware that enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the malicious code once inside the host system.
2. 1.Technology: Policies, network level threats and measures, operating system level measures, measures on the platform level of databases, measures and threats within database applications and other applications
2.Physical: physical policies, site characteristics in regard to power, electricity, air conditioning and access
3.Human: Policies, corporate culture and personal ethics.
3.BUSINESS CONTINUITY AND DISASTER RECOVERY: BC and DR are closely related practices that support an organization's ability to remain operational after an adverse event. The goal of BCDR is to limit risk and get an organization running as close to normal as possible after an unexpected interruption. These practices enable an organization to get back on its feet after problems occur, reduce the risk of data loss and reputational harm, and improve operations while decreasing the chance of emergencies.the sections are:1.Policy, purpose, and scope. 2.Goals and objectives. 3.Assumptions. 4.Key roles and responsibilities.5.Business impact analysis (BIA) results.
Get Answers For Free
Most questions answered within 1 hours.