General instructions:
- Always give explanatory answers (essay), well justified, as though the person reading them does not already know. Answers without justification will be treated as guesses and earn no points.
- Check that you have received all questions; read the entire exam through.
- Write clearly. Unreadable answers will, of course, not be taken into consideration.
- Assumptions made shall be clearly stated.
- The campus guard is just a guard; there is no interaction on the exam subjects.
- The guard can, whenever he/she pleases, inspect aids such as the course book.
- No talking, collaboration or transmitting of materials between students is accepted; otherwise you will have to leave the exam.
- Cheating will lead to the result not being counted.
- See the following page for the Internet rules!
Good Luck
Lars
This page is strictly for those who are taking the exam on Distance
Allowed aids
The final examination is a written test covering a lot of the course. Since you will have books available at the workplace in your ordinary work with security, we have decided that the course book is allowed during the final exam. Use this opportunity! You are also allowed to use any dictionary in order to understand the essence of the questions.
Start: __________ Max 5 hours later: __________
Exam-place for students of the course __________________
Guard: Lars.Furberg@ltu.se/Sarfraz.iqbal@ltu.se
Question 3 (2 points)
Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.
1) ___ was the first and only operating system created with security as its primary goal.
a. UNIX
b. DOS
c. MULTICS
d. ARPANET
2) The ____ is a methodology for the design and implementation of an information system in an organization.
a. DSLC
b. SDLC
c. LCSD
d. CLSD
3) The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____.
a. IETF
b. ISO/IEC
c. ISOC
d. IRTF
4) In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time.
a. fixed temperature
b. permanent temperature
c. fixed rate
d. rate-of-rise
5) ____ are often involved in national security and cyber-security tasks and move from those environments into the more business-oriented world of information security.
a. Marketing managers
b. Military personnel
c. Business analysts
d. Lawyers
Question 4 (9 points)
Completion
Complete each sentence or statement.
a) The ____________________ project is the origin of today’s Internet.
b) The expert hacker sometimes is called ____________________ hacker.
c) Attempting to reverse-calculate a password is called ____________________.
d) The ____________________ attempts to prevent trade secrets from being illegally shared.
e) ____________________ is the process of seeking out and studying the practices used in other organizations
that produce results you would like to duplicate in your organization.
f) ____________________ firewalls combine the elements of other types of firewalls — that is, the elements
of packet filtering and proxy services, or of packet filtering and circuit gateways.
g) ____________________ (terminal emulation) access to all internal servers from the public networks should
be blocked.
h) The U.S. government has developed a program, named _________________________ to reduce the risk of
EMR monitoring.
i) Tasks or action steps that come after the task at hand are called ____________________.
j) As new employees are introduced into the organization’s culture and workflow, they should receive as part
of their ____________________ an extensive information security briefing.
Question 5 (74 points)
Essay/Case
Answer the questions in your own words.
A well-known university in Stockholm, Sweden has a large datacenter for employees and students on campus. The university also has a large number of distance students. The datacenter has around 25 employees, male and female. They have a manager who is educated in economics, has worked as an ICT manager for 5 years and has a lot of practical ICT experience.
One day he was suddenly missing from work and the staff became worried. A long time later they found out that he had run away from his wife and two kids with a blond secretary. In a later audit of the university's finances it was found that he had manipulated the salary system and invented a couple of new employees, whose salaries were paid into his account.
An earlier audit of the datacenter department by an external consultant showed a number of problems:
- At the weekly meeting very few staff members were present, even though they were told to be there to be informed about the present situation and what to do on a regular basis.
- The regular backups were not properly labelled and had not been tested, so it was not known whether the backups would work in a disaster situation.
- An employee had large gambling debts because of online poker. He also regularly asked for a salary advance because of that.
- During an unintended power failure it turned out that the employees had trouble restarting critical applications on the servers.
- During a company party an employee was bragging about having successfully cracked the encryption of the company's employee health records.
- One weekend a group of teenagers from the neighbourhood climbed up on the roof via the fire escape ladder, broke the glass roof and threw snowballs down at the servers, and no alarm went off. The incident was discovered on Monday morning.
- The employees do not follow the instructions on how to create proper backups, add new user accounts and update applications; they blamed an incompetent manager.
- In the datacenter you often see visitors, such as children playing freeware and online games on employees' office computers while waiting for their parents.
- The three employees who work with backups think their work sucks, so they play cards instead of making backups; the tapes that were supposed to be backups were actually blank.
- One office department was still using outdated Novell network equipment even though the technicians had warned about it, but the manager thought it was okay.
- While one of the database administrators was on a business trip, the SQL server application was hit by an SQL injection attack. None of the other database administrators were able to solve the problem. As a consequence, a critical application was left hanging for three days and many students were furious.
- An outside cleaning company cleans the offices, and it turned out that a male Swedish cleaner had given two of his cousins the highest scores on an advanced master's programme using information that had been left on desks.
- On the university's official website an employee had entertained herself by writing demeaning comments about the university leaders. She had also revealed on Facebook that she was planning to shoot the prime minister and that all she was missing was ammunition for the rifle, which she was trying hard to find.
- A famous professor at the university accidentally left his laptop, containing important undiscovered research information, in his car, and the car was stolen. It turned out that the university has no policy for handling research findings and laptops.
Answer the questions in your own words; extensive answers are expected, approximately two pages for each question below.
a) Identify and describe in detail at least 10 critical assets in this company case. (10p)
b) Investigate and describe in detail 5 different threats and suggest three different countermeasures that work in different dimensions (Procedure, People, Hardware, Software, Data/Information). (30p)
c) What suggestions/questions should be put to the IT/IS manager as the 5 top priorities for the datacenter? Your suggestions should cover different dimensions and consider security aspects. (15p)
d) How can you, as the new manager, rebuild confidence in the department among the top management of the university? Give at least 5 suggestions, focusing on raising confidence and on the relationship between IS/IT management and top management. (15p)
e) Write a short encouraging text to the employees of the department that will give them new hope. (4p)