Published by: Sujan
Published date: 24 Mar 2023
This is the question set, along with answers, for Information System Security, Fall 2022, as conducted by Pokhara University.
POKHARA UNIVERSITY - Information System Security
Level: Bachelor Semester: Fall Year: 2022
Programme: BCIS Full Marks: 100
Course: Information System Security Pass Marks: 45
Candidates are required to answer in their own words as far as practicable. The figures in the margin indicate full marks.
Section “A”
Very Short Answer Questions
Attempt all the questions. [10*2]
1. What are the critical characteristics of Information?
2. What do you mean by deviations in QoS in the context of threats and attacks?
3. Briefly introduce SET.
4. What is PKI?
5. Define Information System Audit.
6. For what purpose is digital forensics done?
7. What are the three main characteristics of a hash function?
8. What are the ethical concepts in Information Security?
9. What is business resumption planning?
10. What is an IPsec tunnel? Where is it used?
Section “B”
Descriptive Answer Questions
Attempt any six questions. [6*10]
11. a) What are the characteristics of an information system?
b) Explain the NIST security model briefly.
12. Explain mail bombing and spam briefly. Explain, with diagrams, how DoS and DDoS attacks are carried out.
13. Compare public key cryptography with private key cryptography. What is the importance of a digital signature? Explain the signing and verification process of a digital signature.
14. What is an intrusion? What are the various types of intrusion detection systems? How can intrusions be prevented?
15. Define information security risk. How is risk identification done? Explain the different risk handling strategies.
16. What are the basic components of contingency planning? Draw the diagram that shows the steps of contingency planning. Explain incident response planning.
17. Differentiate between traditional forensics and digital forensics. Explain data acquisition types and methods.
Section “C”
Case Analysis
18. Please go through the case of “A Business Trip to South America” and respond to the following questions:
SCENARIO: A 10-person consulting firm sent a small team to South America to complete a client project. During their stay, an employee used a business debit card at a local ATM. A month after returning to the US, the firm received overdraft notices from their bank. They identified fraudulent withdrawals of $13,000, all originating from South America. There was an additional $1,000 overdraft fee.
ATTACK: The criminals installed an ATM skimmer device to record card account credentials. Many false debit cards were manufactured and used at ATMs in different cities across South America. Skimming occurs when criminals install devices on ATMs, point-of-sale (POS) terminals, fuel pumps, etc. to capture card data or record cardholders’ PINs. Criminals use the data to create fake debit or credit cards and then steal from victims’ accounts.
RESPONSE: Realizing they had been defrauded, the firm contacted their bank and closed the impacted account immediately. Their attempts to pursue reimbursement from the bank were unsuccessful. The commercial account used at the ATM for local currency had different protections from consumer accounts, and the bank was not required to reimburse them for their losses. The bank went on to deduct the $1,000 overdraft fee from the firm owner’s personal account. The firm severed ties with that bank. The new bank offered comprehensive fraud protection guarantees. The firm created two business accounts:
The firm updated travel protocols, banning the use of company-provided debit cards. Employees now prepay expenses electronically, pay cash, or use a major credit card, as necessary.
IMPACT: The entire cash reserve for the small business was wiped out, netting losses of almost $15,000.
a. What lesson can we learn from this case? [4]
b. What are some steps you think the firm could have taken to prevent this incident? [4]
c. Is your business susceptible? How are you going to reduce your risk? [4]
d. What are the current legal provisions in Nepal to address this scenario, and how could those legal provisions be improved? [8]