Security and Cryptography
CRYPTOGRAPHY
BBIT/2019/56044
Answer
Premises access: mitigated through installation of biometrics and CCTV at all the
entrances.
Student and administration databases: mitigated through implementing firewalls
and antivirus software as well as strong persons.
Communication: consider using a well-reputed endpoint security solution
across all network endpoint devices, especially since malware has a
tendency to infect the entire network.
Financial transactions: employ address verification of the transactions made,
use of receipts and strong passwords.
a) Discuss the tools and procedures an ethical hacker would use to detect system penetration
for each area mentioned in (a) above and suggest suitable countermeasures. (5 marks)
Answer
Abusing trusted platforms that won't raise alarms.
Upstream attacks that capitalize on a brand value, reputation or popularity.
Funnelling cryptocurrency payments via hard-to-trace methods.
Using common channels and protocols.
Using signed binaries to run obfuscated malware.
b) Computer security can be said to be the art or science of protecting computer resources
from unauthorized access, use or alteration. State and explain four key objectives that are
prioritized when protecting computer resources of the bank.
(4 marks)
Answer
Protect customer data
Cyber criminals sell personal information on the black market to be used in further
hacking schemes. Banks need to ensure proper cyber security systems are in place to
protect their network and, most importantly, their customers' personal information.
c) How do you classify access control into key computer resource areas? With examples,
identify the three key areas to secure and suggest an access control measure for each area
within a Military Department. (4 marks)
Answer
Discretionary access control (DAC)
With DAC models, the data owner decides on access. DAC is a means of assigning access rights
based on rules that users specify.
d) Briefly explain three types of identity authentication procedures within a Sacco system.
(3 marks)
Answer
Identification
Identity is the starting point of access security. Users are given unique identifiers, and are known
by these personal credentials – their username and password. When a Sacco deploys an identity
management system, its primary goal is to properly, and with the highest level of confidence,
identify each user wishing to connect into the corporate IT system.
Authentication
Authentication is the stage in the security process where a user needs to prove their claimed
identity. Once users within a network can be securely identified and authenticated, it’s equally
important for them to have the appropriate authorizations.
Authorization
Even if a user’s digital identity can be authenticated, they should never be granted unrestricted
access within an IT network. Weak authorization can lead to over-privileged users and the risk of
accidental or deliberate abuse of root privileges.
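The three stages described above, shown as an added example that is not part of the original document: a request is identified, authenticated against a salted PBKDF2 hash, and then authorized with deny-by-default role permissions. The member IDs, role names, permissions and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: role names and permissions are assumptions.
ROLE_PERMISSIONS = {
    "member": {"view_own_balance"},
    "teller": {"view_own_balance", "post_deposit"},
    "manager": {"view_own_balance", "post_deposit", "approve_loan"},
}
USERS = {}  # user_id -> {"salt": bytes, "hash": bytes, "role": str}

def _derive(password, salt):
    # Store a slow, salted hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(user_id, password, role):
    salt = os.urandom(16)
    USERS[user_id] = {"salt": salt, "hash": _derive(password, salt), "role": role}

def identify(user_id):
    # Identification: the claimed identity must map to a known unique identifier.
    return USERS.get(user_id)

def authenticate(record, password):
    # Authentication: prove the claim; compare derived keys in constant time.
    return hmac.compare_digest(_derive(password, record["salt"]), record["hash"])

def authorize(record, action):
    # Authorization: deny by default; allow only what the user's role grants.
    return action in ROLE_PERMISSIONS.get(record["role"], set())

def request(user_id, password, action):
    # Result codes are for the audit log; show the user one generic failure message.
    record = identify(user_id)
    if record is None:
        return "unknown-identity"
    if not authenticate(record, password):
        return "authentication-failed"
    if not authorize(record, action):
        return "not-authorized"
    return "allowed"

# Constructed sample accounts (IDs and passphrases are placeholders).
enroll("M-1001", "correct horse battery", "member")
enroll("T-2001", "teller passphrase 42", "teller")
```

An authenticated member is still refused `approve_loan`, which is the over-privilege risk the Authorization paragraph describes.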
e) Identify two future technologies that are under research and how they are anticipated to
negatively influence day to day human activities.
(5 marks)
Answer
Artificial Intelligence and robotics. Example: self-driving cars, etc.
The AI takeover of jobs will widen economic divides, leading to social upheaval. The
efficiencies and other economic advantages of code-based machine intelligence will continue to
disrupt all aspects of human work. While some expect new jobs will emerge, others worry about
massive job losses, widening economic divides and social upheavals, including populist
uprisings.
Grover is one AI system capable of writing a fake news article from nothing more than a
headline. AI systems such as Grover create articles more believable than those written by
humans.
f) Giving examples explain how as an IT Consultant you can develop a Computer Security
policy for an Airline Company.
(5 marks)
Answer
Identify your risks - A good way to identify your risks can be through the use of
monitoring or reporting tools.
Learn from others - There are many types of security policies, so it's important to
see what other organizations like yours are doing.
Make sure the policy conforms to legal requirements - Depending on your data
holdings, jurisdiction and location, you may be required to conform to certain
minimum standards to ensure the privacy and integrity of your data, especially if
your company holds personal information. Having a viable security policy
documented and in place is one way of mitigating any liabilities you might incur
in the event of a security breach.
Policy construction - Design the policy based on the knowledge acquired or
gathered.
Policy implementation - A detailed implementation plan is now required to
translate the design into reality.
Policy monitoring and maintenance - Monitor the final system for errors and
improvements, and maintain it.