|
Winter
2012
|
||
|
8
|
Describe
three factors an organisation needs to consider when producing a risk
analysis.
|
[6]
|
|
9
|
A local
council uses a network to manage their client records, appointments and all
their financial functions. The council’s Information Officer is worried about
the confidentiality of the records. Explain why the council should have
a security policy. Other than user accounts and logs, give three examples of
what it should contain.
|
[5]
|
|
10
|
Describe
the use of user accounts and logs as a way of keeping records secure.
|
[3]
|
|
Summer
2012
|
||
|
19
|
With
the increase in the use of computing systems most organisations have adopted
ICT security policies. Discuss in detail three different types of
potential threats to data. For each type of threat, describe the possible
consequences of the destruction of data. You need to use distinctly different
examples to illustrate your threats.
|
[9]
|
|
20
|
Discuss
four possible operational procedures for preventing misuse of data. Use
distinct examples to illustrate your procedures.
|
[8]
|
|
Winter
2013
|
||
|
5
|
A large
Research Agency uses ICT systems to store customer records and all its
financial functions. Explain why the agency should have a security policy and
give two examples of what it should contain, other than user accounts and
logs.
|
[4]
|
|
6
|
Describe
the use of user accounts and logs as a way of maintaining the security of
customer records.
|
[3]
|
|
9
|
Other
than how well the company is equipped to deal with the risk, describe in
detail three of the factors an organisation needs to consider when producing
a risk analysis.
|
[6]
|
|
10
|
A bank
is reviewing its disaster recovery programme. Other than risks, explain with
reasons three factors, which should be included in a disaster recovery
programme.
|
[6]
|
|
Winter
2014
|
||
|
18
|
Due in
parts to potential threats to data, most organisations have now created ICT
security policies. Discuss in detail four distinctly different types of
potential threats to data. For each type of threat, describe a possible
distinctly different consequence of the destruction of the data.
|
[12]
|
|
19
|
Describe
three operational procedures an organisation could put in place to prevent
misuse of data. Use different examples to illustrate each procedure.
|
[6]
|
|
Summer
2014
|
||
|
5
|
The
Data Officer of a large company has written a security policy for that
company. Explain why the company should have a security policy. Other
than user accounts and logs, give three examples of what it should contain.
|
[5]
|
|
6
|
Describe
the use of user accounts and logs as a way of keeping confidential data
secure.
|
[3]
|
|
11
|
A
finance company is carrying out a risk analysis. Describe in detail three of
the factors the company should take into account when
deciding how much to spend to control and minimise the risk to data.
|
[3x2]
|
|
Summer
2015
|
||
|
11
|
Other than establishing a code
of conduct,
discuss five possible operational procedures which could be
introduced to prevent the misuse of data.
Use distinct examples to illustrate these procedures.
|
[5x2]
|
|
13
|
Companies
and their customers are increasingly dependent on electronic
information. The security of
electronic data is very important to every company and their customers.
Describe
three different types of threat to a company’s data and illustrate each type of threat with a different detailed example. For each
of the different threats, describe a distinctly
different consequence for a company or its customers, should the security
of the data be compromised of the data destroyed.
|
[3x3]
|
Wednesday, 7 October 2015
IT3: Topic 5 - Security Policies
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment