BCS 321 CAT I

Rufus Gichuki - COM/B/01-00115/2019

MASINDE MULIRO UNIVERSITY OF SCIENCE AND TECHNOLOGY

BCS 321: Computer Systems and Security

14/02/2023

a.) Setting the password lifetime at 180 days would increase the risk of an
attacker successfully guessing a password and having access to the account for
a longer period of time. While longer password lifetimes can be more
convenient for users and reduce the frequency of password changes, they also
increase the window of opportunity for attackers to access sensitive
information. By limiting the password lifetime to 90 days, the system
administrators are balancing the need for security with the need for usability.

b.) i. Yes, I agree that without integrity, no system can provide confidentiality.
Confidentiality means that information is kept private and not disclosed to
unauthorized parties. However, if the information has been tampered with or
modified without authorization, it cannot be considered confidential anymore.
Integrity, on the other hand, ensures that information remains unaltered and
accurate, which is crucial for maintaining confidentiality. If there is no
integrity in a system, then there is no guarantee that the information being
kept confidential has not been modified, copied or stolen, and hence
confidentiality cannot be ensured.

ii. Yes, a system can provide integrity without confidentiality. Integrity
ensures that data is accurate, unaltered, and consistent, regardless of whether
the information is kept private or shared with others. So, a system can provide
integrity even if the information is not confidential. For example, a publicly
available database can have mechanisms in place to ensure data integrity,
such as using digital signatures or checksums to detect tampering, even
though the data itself is not confidential.

c.) Requiring employees to report any contact with employees of the company's
competitors, even if it is purely social, may not have the desired effect of
stopping competitors from learning proprietary information. This policy could
create a culture of fear and mistrust among employees and discourage social
interaction, potentially harming morale and productivity. Moreover,
determined competitors may find other ways to obtain proprietary
information, such as through hacking or third-party sources, regardless of
employees' social interactions. A more effective approach would be to
implement strong information security measures, such as access controls and
data encryption, and to provide regular training to employees on the
importance of safeguarding proprietary information.

d.) Sharing a computer between the police and the public defender presents
significant security problems, as both agencies have access to sensitive and
confidential information that should be kept separate. There is a risk of
unauthorized access, data breaches, and potential conflicts of interest.

Sharing the same computer or set of computers between public agencies may be
a cost-saving measure, but it can compromise security and confidentiality. It is
recommended to have separate and secure computer systems for each agency to
minimize the risks of security breaches and protect sensitive information.

e.) Regulation of personal information processing is important for data subjects
because it helps to protect their privacy and ensure that their personal
information is being handled appropriately. Regulation can help prevent
unauthorized access, use, or disclosure of personal information, as well as
safeguard against misuse, abuse, or theft of such data. It can also ensure that
individuals have control over their own data and can exercise their rights to
access, correct, or delete their personal information when necessary.
Additionally, regulation can establish clear guidelines for data handling and
help promote transparency and accountability among those who process
personal information. Overall, regulation of personal information processing
can help to build trust and confidence among data subjects, while also
promoting responsible data management practices.

f.) Report the incident to the university's IT department and/or security team
immediately, as this is a serious breach of privacy and security.

Inform your friend that what they did was unethical and illegal, and advise
them to cooperate fully with any investigations.

Avoid any involvement in covering up or concealing the incident, as this
could also result in legal and ethical consequences.

If requested, provide any information you have about the incident to the
university's IT or security team, but do not make any accusations without
evidence.

Consider whether to maintain a friendship with someone who engages in
unethical and potentially criminal behavior. Encourage your friend to find
legal and ethical ways to address any security shortcomings they have
identified.