ISM90PS INFORMATION SECURITY MANAGEMENT MASTERS SECTION A: ANSWER ALL QUESTIONS FROM THIS SECTION QUESTION 1: a. Privacy is defined as use of information only for the purposes known to the data owner. This does not focus on freedom from observation, but rather that information will be used only in ways known to the owner. Discuss three ways by which information privacy can be ensured. (15 Marks) b. Differentiate between a leader and Manager (6 Marks) c. Which of the traits of the two should an IT Security Supervosor have and why (4 Marks Question 2 d. Information Security Is centralized around several characteristics. However three are prominent. Discuss the three prominent characteristics. (15 marks) e. In designing an Information System, the System Development Life Cycle (SDLC) must be followed to achieve a reliable functional System. Similarly, in designing an information security system, information security SDLC must be followed. Compare and contrast between the Information System SDLC and the Information Security System SDLC. Question 3 a. Most often, its recommended that passwords be made up of minimum of eight characters and have at least a number and a letter. Using the concept of password power (1 and 2) with case sensitivity and insensitivity; explain how the minimum of 8 characters, one number and one letter affect password security: b. As an Information Security Consultant, MELCOM Group of stores has consulted you on their difficulty in choosing a specific cryptology technique to encipher their information and communication between their stores. Given the options of Caesar Cipher, Symmetric Cipher and Asymmetric Cipher, which would you recommend to MELCOM Group of stores and why SECTION B: ANSWER ONLY ONE QUESTION FROM THIS SECTION Question 4 a. An Information Security Manager, Chief Security Information Officer (CSIO), Information Security Technician, Chief Executive Officer (CEO) and Chief Information Officer (CIO) work together to achieve information security. Though each of these professionals play a unique role in achieving information security, for some organizations, one professional may be hired to handle two or more roles for two or more professionals as above. Using an example, discuss the role of each professional named above. (15 marks) b. Policy play an important role in information security. As a result, there is a 27 cell matrix that must be followed to ensure that security to the maximum in an organization. In formulating the 27 cell matrix, vision, mission and security policy must be considered among others. Using an example, explain mission, vision and information Security policy. Demonstrate the relationship between them. Question 5 a. Authentication can be achieved through four different mechanisms. Using an example each, describe each of these mechanisms. (10 Marks) b. Using the keyword MATH (with the numerical values of 12 0 19 and 7), encrypt the message, MAKE IT HAPPEN using the Vigenere Cipher c. Compared to block cipher, which will you go for (VIGENERE OR BLOCK Cipher and why? Question 6 a. To Ensure Information Security: usually organizations are viewed in three- community perspectives. Describe these communities. (6 marks) b. In Information Security planning, organizational and contingency plan must be worked out. Three sub-categories of planning must be carried out on both organizational and contingency planning. Discuss these sub-categories of planning under organizational and contingency planning. (12 marks) c. Given the keyword PENCIL, decrypt the cipher text 'RKIASINBZY' using play fair principle (7 Marks)