NATIONAL INSTITUTE OF TRANSPORT (NIT)
FACULTY OF INFORMATICS AND TECHNICAL EDUCATION
DEPARTMENT OF COMPUTING AND COMMUNICATION TECHNOLOGY
STUDENT NAME: WANDOWA TITUS ELISHA
REGISTRATION NO: NIT/BCS/2022/443
PROGRAMME: BACHELOR DEGREE IN COMPUTER SCIENCE
MODULE NAME: INFORMATION SYSTEMS SECURITY
MODULE CODE: ITU08203
LECTURER’S NAME: SARA FLORENCE
SEMESTER: 2
TASK: INDIVIDUAL ASSIGNMENT
ACADEMIC YEAR: 2024/2025
1. Use IT skills in analysing security mechanisms in different OS and information
systems
Hint
i. Analyze security features of an information system
Information systems use various methods to keep data safe, such as:
Information systems employ a variety of security mechanisms to protect data integrity,
confidentiality, and availability. These mechanisms are critical for safeguarding sensitive
information from unauthorized access, breaches, and cyberattacks. Key security features
include:
a) Password protection: Ensures only authorized users can access systems by
requiring strong, unique passwords. For example, Windows Active Directory uses
password policies to lock accounts after failed login attempts.
b) Firewalls: Act as a barrier between trusted and untrusted networks, filtering
incoming and outgoing traffic based on predefined rules. Firewalls can be
hardware-based (e.g., Cisco ASA) or software-based (e.g., Windows Defender
Firewall).
c) Antivirus software: Detects, prevents, and removes malware such as viruses,
ransomware, and spyware. Tools like McAfee, Norton, or Windows Defender use
signature-based detection.
d) Encryption: Protects data by converting it into an unreadable format using
algorithms like AES-256 or RSA. For instance, HTTPS uses TLS encryption to
secure web communications, ensuring data privacy during transmission.
e) Access control: Defines who can view or modify data through mechanisms like
user authentication and authorization. For example, Role-Based Access Control
(RBAC) in systems
ii. Discuss memory and address protection
Operating systems protect memory so that one program does not interfere with another. This is done using:
a) Virtual memory: A memory management technique that creates an abstraction
layer, allowing each process to operate as if it has its own dedicated memory
space.
b) Memory isolation: It ensures that each process operates in a separate memory
space, preventing interference or unauthorized access between processes. This is
essential for both security and stability in multi-process environments.
c) Address protection: Address protection mechanisms prevent unauthorized access
to memory addresses, ensuring that processes can only interact with their
allocated memory regions. This is crucial for defending against malicious attacks
and ensuring system integrity.
iii. Discuss file protection mechanisms
Files are protected using:
a) File permissions: They define who can access a file and what actions they can
perform, such as reading, writing, or executing. Permissions are a cornerstone of
file security in most operating systems.
b) Encryption: It protects files by converting their contents into an unreadable
format, accessible only with the correct decryption key. This ensures data
confidentiality, even if a file is stolen or accessed without authorization.
c) User roles to limit access: User roles restrict file access based on a user’s
responsibilities or privileges within a system, ensuring that only authorized
individuals can interact with specific files.
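The file permissions described above can be inspected and tightened programmatically. The following is an added example, not part of the original assignment: it assumes a POSIX system, and the file names and modes are constructed sample data.

```python
import os
import stat
import tempfile

def check_file(path):
    """Return (permission string, findings) for one file's mode bits."""
    mode = os.stat(path).st_mode
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid/setgid")
    return stat.filemode(mode), findings

def remove_world_access(path):
    """Clear the read/write/execute bits for 'other'; keep owner and group bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IRWXO)
    return stat.filemode(os.stat(path).st_mode)

def audit_sample_tree():
    """Create constructed sample files, audit them, then tighten them."""
    samples = {"payroll.csv": 0o666, "notes.txt": 0o644, "id_key": 0o600}
    report = {}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample data\n")
            os.chmod(path, mode)
            before, findings = check_file(path)
            report[name] = (before, findings, remove_world_access(path))
    return report

if __name__ == "__main__":
    for name, (before, findings, after) in audit_sample_tree().items():
        print(f"{name:12} {before} -> {after}  {', '.join(findings) or 'ok'}")
```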
iv. Analyze control mechanisms for general object access
The system controls access to things like files, printers, or networks by using:
a) Access Control Lists (ACLs): ACLs are detailed lists that specify which users or
groups can access an object and what operations they can perform (e.g., read,
write, execute).
b) Role-Based Access Control (RBAC): RBAC grants access to objects based on a
user’s role within an organization, simplifying permission management by
grouping privileges under roles.
c) User authentication methods (passwords, biometrics, etc.): Authentication verifies
a user’s identity before granting access to objects, ensuring that only legitimate
users can interact with system resources.
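The three mechanisms above can be combined into a single access decision. The following is an added example, not part of the original assignment: the users, roles, objects and the evaluation order (authentication first, explicit ACL deny overrides everything, then ACL allow, then role grants, otherwise deny) are assumptions chosen for illustration.

```python
# Constructed sample data: users, roles and objects are illustrative only.
ROLE_PERMS = {
    "teacher": {("file:grades.xlsx", "read"), ("file:grades.xlsx", "write"),
                ("printer:staffroom", "print")},
    "student": {("printer:library", "print")},
}
USER_ROLES = {"amina": {"teacher"}, "juma": {"student"}}

# ACL entries: (object, subject, operation, effect).
# A subject is a user name or "@role" for everyone holding that role.
ACL = [
    ("file:grades.xlsx", "juma", "read", "deny"),
    ("file:timetable.pdf", "@student", "read", "allow"),
    ("printer:staffroom", "amina", "print", "deny"),
]

def is_allowed(user, obj, op, authenticated=True):
    """Return (decision, reason) for one access request."""
    # Step 1: authentication. Unknown or unauthenticated users get nothing.
    if not authenticated or user not in USER_ROLES:
        return False, "unauthenticated or unknown user"
    roles = USER_ROLES[user]
    subjects = {user} | {"@" + role for role in roles}

    # Step 2: ACL entries for this object and operation that name the user
    # directly or one of the user's roles.
    effects = [e for (o, s, p, e) in ACL
               if o == obj and p == op and s in subjects]
    if "deny" in effects:          # an explicit deny always wins
        return False, "ACL deny"
    if "allow" in effects:
        return True, "ACL allow"

    # Step 3: RBAC. Any role held by the user may grant the permission.
    if any((obj, op) in ROLE_PERMS.get(role, ()) for role in roles):
        return True, "role grant"

    # Step 4: nothing matched, so deny by default.
    return False, "default deny"

if __name__ == "__main__":
    for request in [("amina", "file:grades.xlsx", "write"),
                    ("amina", "printer:staffroom", "print"),
                    ("juma", "file:timetable.pdf", "read"),
                    ("juma", "printer:staffroom", "print")]:
        print(request, "->", is_allowed(*request))
```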
2. Use IT skills in proposing an ICT policy for an organization
Hint
i. Define Policy
A policy is a formalized set of rules or guidelines created to help people in an organization do
their work properly and safely.
ii. Discuss common content of an ICT policy
A good ICT policy usually includes:
a) Acceptable use of computers and internet
b) Data protection and privacy rules
c) Email and password guidelines
d) Backup and recovery plans
e) Software usage and licensing rules
iii. Discuss proper ICT policy implementation
To make sure the ICT policy is followed, an organization should:
a) Train employees on the policy
b) Use monitoring tools
c) Review and update the policy regularly
d) Enforce rules fairly
iv. Propose an ICT policy based on the requirements
Example: For a school, the ICT policy can include:
- Students should not access gaming or social media sites
- Teachers must back up files regularly
- Only licensed software is allowed
v. Identify factors that hinder ICT policy implementation
Some reasons why ICT policies are not followed include:
a) Lack of employee training
b) Poor communication
c) No support from top management
d) Old or weak IT systems
e) No punishment for breaking rules