
1 (a) Actions that should be allowed for the client portal:

1. Loan application submission: Clients should be able to submit loan applications online through the
portal.

2. Loan status tracking: Clients should be able to check the status of their loan applications and view
updates on the portal.

3. Document upload: Clients should be able to upload necessary documents related to their loan
applications.

4. Online payment: Clients should be able to make loan payments securely through the online payment
option.

Actions that should be restricted for the client portal:

1. Access to sensitive information: Clients should not have access to confidential company data or other
clients' information.

2. System configuration: Clients should not have the ability to modify system settings or alter the
functionality of the portal.

3. Unauthorized transactions: Measures should be in place to prevent unauthorized access to client
accounts and transactions.

4. Data manipulation: Clients should not have the ability to manipulate or modify their loan details or
other data in the system.

(b) Possible loopholes that may have led to the attacks on the Information System:

1. Vulnerable receipting module: The receipting module might have had a security vulnerability that
allowed unauthorized access or manipulation of data.

2. Insufficient access controls: There might have been weak access controls in place, allowing
unauthorized individuals to gain access to sensitive areas of the system.

3. Inadequate network security: Sharing Wi-Fi with neighboring companies could have exposed the
system to potential attacks or unauthorized access.

4. Lack of data encryption: If data transmission and storage were not properly encrypted, it could have
made it easier for attackers to intercept or manipulate the data.

5. Weak system monitoring: Insufficient monitoring of system activities and logs could have made it
difficult to detect suspicious behavior or anomalies.

(c) Security features compromised by the attacks:

1. Data integrity: The integrity of the receipting module was compromised, as the discrepancy between
the system's receipt and the actual receipt in the accounts section indicates data manipulation.

2. Confidentiality: The attacks might have compromised the confidentiality of client data and other
sensitive information stored within the system.

3. Availability: The system experienced issues such as slow processing, sudden shutdowns, and loss of
data, which affected the availability of services for both clients and staff.

4. Authentication and access control: Unauthorized access to the system might have occurred, allowing
individuals to manipulate data or perform actions they should not have been able to.

(d) Practice/procedure to identify the fault in the receipt module before the client's complaint:

Regular reconciliation: The company should have implemented a regular reconciliation process where
the system-generated receipts are cross-checked with the receipts issued by the accounts section. By
comparing the two, any discrepancies or anomalies could have been identified promptly. This
reconciliation should be performed periodically, ensuring that the receipts match and any discrepancies
are investigated and resolved immediately.
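The reconciliation described in (d), sketched as an added example that is not part of the original answer. The record layout (`receipt_no`, `client`, `amount`) and the sample receipts are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample records; field names and values are assumptions.
SYSTEM_RECEIPTS = [
    {"receipt_no": "R-1001", "client": "C-01", "amount": "250000.00"},
    {"receipt_no": "R-1002", "client": "C-02", "amount": "120000.00"},
    {"receipt_no": "R-1003", "client": "C-03", "amount": "75000.00"},
    {"receipt_no": "R-1005", "client": "C-05", "amount": "40000.00"},
]
ACCOUNTS_RECEIPTS = [
    {"receipt_no": "R-1001", "client": "C-01", "amount": "250000.00"},
    {"receipt_no": "R-1002", "client": "C-02", "amount": "150000.00"},
    {"receipt_no": "R-1003", "client": "C-04", "amount": "75000.00"},
    {"receipt_no": "R-1004", "client": "C-04", "amount": "60000.00"},
]

def index_by_receipt(records, source):
    """Map receipt_no -> record; a repeated number is itself a finding."""
    indexed, duplicates = {}, []
    for rec in records:
        key = rec["receipt_no"].strip().upper()
        if key in indexed:
            duplicates.append((key, f"duplicate receipt number in {source}"))
        indexed[key] = rec
    return indexed, duplicates

def reconcile(system, accounts):
    """Return (receipt_no, issue) pairs where the two sources disagree."""
    sys_idx, findings = index_by_receipt(system, "system")
    acc_idx, acc_dups = index_by_receipt(accounts, "accounts")
    findings += acc_dups
    for no in sorted(sys_idx.keys() | acc_idx.keys()):
        s, a = sys_idx.get(no), acc_idx.get(no)
        if s is None:
            findings.append((no, "issued by accounts but missing from system"))
        elif a is None:
            findings.append((no, "recorded in system but missing from accounts"))
        else:
            # Decimal avoids float rounding when comparing money values.
            if Decimal(s["amount"]) != Decimal(a["amount"]):
                findings.append((no, f"amount mismatch: system={s['amount']} accounts={a['amount']}"))
            if s["client"] != a["client"]:
                findings.append((no, f"client mismatch: system={s['client']} accounts={a['client']}"))
    return findings

if __name__ == "__main__":
    for receipt_no, issue in reconcile(SYSTEM_RECEIPTS, ACCOUNTS_RECEIPTS):
        print(receipt_no, issue)
```

Run on a schedule against both exports, every finding becomes an item to investigate before a client has to report it.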

To safeguard the equipment and software in the computer laboratory at Kyambogo College, it is
important to implement various security measures. Here are some key measures that should be
undertaken:

1. Physical Security:

a. Install secure locks and access control mechanisms on the computer laboratory doors to prevent
unauthorized access.

b. Implement surveillance cameras to monitor the laboratory and deter theft or vandalism.

c. Ensure that windows and other entry points are properly secured to prevent unauthorized entry.

d. Keep an inventory of all equipment and conduct regular checks to ensure everything is accounted
for.

2. Network Security:

a. Set up a robust firewall to protect the computer laboratory network from external threats.

b. Implement strong passwords and user authentication mechanisms for all network devices and
computers.

c. Regularly update and patch the operating systems, software, and firmware on all devices to address
security vulnerabilities.

d. Install and regularly update antivirus and anti-malware software on all computers to protect against
malicious software.

3. Data Security:

a. Implement data backup procedures to regularly back up critical data stored in the computer
laboratory.

b. Encrypt sensitive data so that it remains unreadable in case of theft or unauthorized access.

c. Educate staff and students about the importance of data security, including safe browsing habits,
avoiding suspicious emails or downloads, and reporting any security incidents.

4. User Access Control:

a. Create individual user accounts for staff and students, each with appropriate access privileges based
on their roles and responsibilities.

b. Implement strong password policies and regularly enforce password changes.

c. Monitor and log user activities within the computer laboratory to detect any suspicious behavior or
unauthorized access.

5. Training and Awareness:

a. Conduct regular training sessions for staff and students on cybersecurity best practices, including
password security, safe browsing, and identifying potential security threats.

b. Promote a culture of security awareness and encourage reporting of any security incidents or
concerns.

6. Maintenance and Upkeep:

a. Regularly maintain and update all hardware and software to ensure they are running the latest
security patches and updates.

b. Keep an inventory of all software licenses and ensure compliance with software vendor
agreements.

By implementing these security measures, Kyambogo College can significantly enhance the protection of
the donated ICT equipment and software in the computer laboratory, reducing the risk of theft,
unauthorized access, and data breaches.
