
UNIVERSITY OF MAURITIUS

FACULTY OF LAW AND MANAGEMENT

SECOND SEMESTER EXAMINATIONS

MAY 2016

PROGRAMME: BSC (HONS) MANAGEMENT (MINOR: BUSINESS INFORMATICS) – LEVEL III

MODULE NAME: INFORMATION SYSTEMS SECURITY

MODULE CODE: CSE 3216(3)

DATE: Tuesday 24 May 2016

TIME: 09:30 – 11:30

DURATION: 2 Hours

NO. OF QUESTIONS SET: 5

NO. OF QUESTIONS TO BE ATTEMPTED: 4

INSTRUCTIONS TO CANDIDATES

This paper consists of FIVE Questions.

Answer ANY FOUR (4) Questions.

All questions carry equal marks.


INFORMATION SYSTEMS SECURITY – CSE 3216(3)

Question 1

(a) Name five main concepts aimed at in a secure system.
[5 marks]

(b) Using suitable examples of your own, explain the concepts mentioned in (a) and
their respective protection mechanisms.
[5 * 2 marks]

(c) A bank ATM system relies on a secret code of 4 digits. Calculate the work factor
of this implementation. Show all your workings.
[4 marks]

(d) All staff in an organization should be involved in the building of a secure
working environment. How should management participate in that endeavor?
[6 marks]

Question 2

(a) Differentiate between symmetric and public key cryptosystems. Use a suitable
diagram to explain the differences in their operation.
[6 marks]

(b) Outline the six Feistel cipher design principles that are applied to a block cipher
such as DES.
[4 marks]

(c) State the two pieces of evidence which confirm the high degree of diffusion and
confusion with DES.
[4 marks]

(d) Illustrate how 3DES with three keys can be backward compatible with the
regular DES.
[4 marks]

(e) Explain, using a labeled diagram, the operation of a full-fledged hybrid cipher
system which also caters for non-repudiation and integrity.
[7 marks]


Question 3

(a) Explain the different vertices of the authentication triangle. Use suitable
examples of your own to demonstrate the use of the authentication triangle.
[6 marks]

(b) Differentiate between soft and hard biometrics in terms of ease of use,
performance and types of application using them.
[4 marks]

(c) List five important properties which an element should possess before it is used for
biometric authentication.
[5 marks]

(d) Most biometric systems operate in verification mode. Use block diagrams to
detail the implementation of such systems.
[5 marks]

(e) Explain the four metrics used to assess the performance of a biometric system.
[5 marks]

Question 4

(a) Explain the term firewall, and use suitable examples of your own to supplement
your answer.
[3 marks]

(b) Differentiate between the different firewall policies that exist.
[4 marks]

(c) Using suitable diagrams, explain the operation of the DMZ architecture.
[8 marks]

(d) Comment on the security problems which may still exist although a firewall has
been installed.
[5 marks]

(e) Name five security aspects of a well-designed VPN.
[5 marks]


Question 5

(a) What do you understand by the term watermark? Using an analogy, explain how
a digital watermark resembles a real-world watermark.
[6 marks]

(b) Name four uses of watermarks.
[4 marks]

(c) Differentiate between steganography and watermarking.
[3 marks]

(d) The keys selected for security are similar to those used in knowledge-based
authentication systems. Explain six policies you would put in place to enhance the
strength of Wi-Fi networks.
[6 marks]

(e) Comment on three IT laws prevailing in Mauritius.
[6 marks]

- END OF QUESTION PAPER -
