CIM3562 Test 2
Hong Kong Vocational Institute of Vocational Education (Chai Wan)
The Department of Computing and Information Management
Laws, Investigations & Ethical Issues in Security (CIM3562)
Test 2 (2011/12)
Time Allowed: 1 hour
Course / Class: 41914F / 4A / 4B
Student Number: _____________________
Student Name: _______________________

Part A -- Multiple Choice (20%, 2 marks each)

1. In Hong Kong, personal data is protected in its widest sense by the following laws. Choose the right combination.
(1) Theft Ordinance
(2) Criminal law
(3) Telecommunications Ordinance
(4) Taxation Ordinance
(5) Personal Data (Privacy) Ordinance
A. 1,2,5
B. 2,3,4
C. 2,3,5
D. 3,4,5

2. Which of the following are involved in setting up and implementing a security policy?
1. Defining project scope and planning
2. Information collection
3. Assigning roles and responsibility
4. Developing policy statements
5. Reporting and monitoring
A. 1,2,3
B. 2,3,5
C. 1,3,5
D. 1,2,4

3. The following are the steps for assessing security risk. What should be (7)?
1. Planning
2. Information Gathering
3. Risk Analysis
4. Vulnerability scanner
5. Identify & Selecting Safeguards
6. Implementation
7. ______________
A. Checking
B. Monitoring
C. Costing
D. Nothing

4. In March 2002, the Commissioner of Personal Data Officer issued a draft Code of Practice on Monitoring and Personal Data Privacy at Work. The Draft Code aimed at 3 aspects; which are they?
(1) Collection of monitoring records
(2) Notification of monitoring practices
(3) Interception of monitoring records
(4) Handling of monitoring records
(5) Handling complaints
A. 1,2,4
B. 2,3,4
C. 3,4,5
D. 1,3,5

5. Which one of the following items is not included in the powers of the Commissioner of Personal Data?
A. Investigate suspected contraventions of the PDPO following complaints, tip-offs or otherwise
B. Summon witnesses to give evidence
C. Issue enforcement notices following an investigation
D. Suggest a period of imprisonment or amount of fine to those violating the PDPO

6. Three fields are inter-related for the investigation of computer crimes; which are they?
(1) political science
(2) social science
(3) computer science
(4) forensic science
(5) behavioral evidence analysis
A. 1,2,3
B. 2,3,4
C. 2,4,5
D. 3,4,5

7. Which of the following principles is the fundamental principle of forensic science?
A. Louis Exercise Principle
B. Locard's Exchange Principle
C. Forensic Exchange Principle
D. Victimology Principle

8. In network transmission, different layers can reveal different addresses. Which of the following relationships is correct?
A. Application Layer – Domain Addresses
B. Physical Layer – server addresses
C. Transportation and Network Layers – MTA addresses
D. Data link Layer – Media Access Control addresses

9. Which of the following is not a requirement for personal data as defined in the Personal Data (Privacy) Ordinance in Hong Kong?
A. The data should directly or indirectly relate to a living individual.
B. It is practicable to ascertain the identity of the individual by using these data.
C. It should be provided by the individual.
D. The data should be in a form that can be accessed or processed.

10. In an investigation, which kinds of risk assessment should be taken?
(1) Victim risk
(2) Computer risk
(3) Network risk
(4) Target risk
(5) Offender risk
A. 1,2,3
B. 1,3,4
C. 1,4,5
D. 2,3,4

Part B – Short Questions (59%)

B1. What are the FOUR items of the Security Management Cycle? (6%)
1. Assessing Security Risks
2. Implementing & Maintaining
3. Monitoring & Recording
4. Reviewing & Improving

B2. Briefly explain what an Information Security Incident is. Give two examples of an Information Security Incident. (6%)
An information security incident is an adverse event in an information system and/or a network that poses a threat to computer or network security in respect of availability, integrity and confidentiality.
Examples (any TWO):
- Theft and burglary
- Natural disaster, e.g. floods, typhoons, rainstorms
- Possible hazards from the surroundings
- Data line failure
- System crashes
- Packet flooding
- Unauthorized access or use of system resources
- Unauthorized use of another user's account
- Unauthorized use of system privileges
- Web defacement
- System penetration / intrusion
- Massive virus attacks

B3. Write down any THREE objectives for Information Security Response. (6%)
Any THREE of the following:
- Minimize business losses and subsequent liabilities to the company;
- Minimize the possible impact of the incident in terms of information leakage, corruption and system disruption, etc.;
- Ensure that the response is systematic and efficient and that there is prompt recovery for the compromised system;
- Ensure that the required resources are available to deal with incidents, including manpower, technology, etc.;
- Ensure that all responsible parties have a clear understanding regarding the tasks they need to perform during an incident by following predefined procedures;
- Ensure that all response activities are recognized and co-ordinated;
- Prevent further attacks and damage; and
- Deal with related legal issues.

B4. What are the six steps for Information Security Response? (6%)
1. Preparation
2. Detection & Identification
3. Containment
4. Eradication
5. Recovery
6. Aftermath

B5. What are the Hong Kong Ordinances that relate to the protection of personal data & privacy? (6%)
1. The Personal Data (Privacy) Ordinance (PDPO);
2. The Interception of Communication and Surveillance Ordinance;
3. The Telecommunications Ordinance (TO);

B6. Give a simple definition of Spamming (濫發). (4%)
Spamming is the sending of unsolicited bulk e-mail advertisements for goods or services over the Internet.

B7. From the perspective of forensic science, what are the four steps in processing and examining evidence? Give a brief explanation for each step. (12%)
1. Recognition - Determine what devices (hardware & software) contain digital evidence.
2. Preservation, collection and documentation - Preserve the evidence in its original state, authentic and unaltered.
3. Classification, comparison and individualization - Identify the evidence in general terms (e.g. email, picture, document) and examine individual characteristics of the evidence against known items.
4. Reconstruction - Rebuild deleted, damaged, hidden or encrypted evidence.

B8. Explain why the transport & network layers are so important in computer forensics. (4%)
The transport and network layers are ripe with digital evidence. This is largely because these layers play such an important role in inter-networking. Addresses on the network layer (Source IP Address & Destination IP Address) are used to identify computers and direct information. Port numbers in the transport layer (Source Port & Destination Port) can be used to identify which application/software sent or received the segment.

B9. What are the most useful parameters in the network layer & transport layer in a computer forensics investigation? (4%)
Network Layer
1. Source IP Address
2. Destination IP Address
Transport Layer
1. Source Port Number
2. Destination Port Number

B10. Give FIVE examples of computer forensic tools. (5%)
1. EnCase
2. The Coroner's Toolkit
3. Helix
4. CAINE
5. DEFT

Part C – Long Question (21%)

C1 (21 marks)

i) What are the SIX major principles of Data Protection? (9 marks)
Principle 1 - Purpose and manner of collection of personal data
Principle 2 - Accuracy and duration of retention of personal data
Principle 3 - Use of personal data
Principle 4 - Security of personal data
Principle 5 - Information to be generally available
Principle 6 - Access to personal data

ii) Identify which Data Protection Principle should be used in each of the following scenarios and give a brief explanation of your choice. (12 marks)
Note: You may refer to the numbering of the principles in Part (i).

1. If an unsuccessful applicant for an employment position asks to have his or her personal data, including resume, returned, does the company have to do so?
Principle (you may refer to the number in Part (i)): Principle 2
Brief explanation: No. The data subject can request that the data be erased, and if necessary this can be enforced by the Privacy Commissioner, but not that it be returned.

2. Is it acceptable to ask a job applicant where his or her spouse/children work so as to check whether they work for a competitor or not?
Principle (you may refer to the number in Part (i)): Principle 1
Brief explanation: If this is the purpose, it is only necessary to ask whether the spouse/children work in the same or a similar field. If they do, then further questions could be asked. If they do not, then there is no need to know and collect what their occupations are and where they work.

3. Does an employee have the right to know the kind of personal data held by the company, including sensitive and confidential data?
Principle (you may refer to the number in Part (i)): Principle 5
Brief explanation: Yes, the employer is obliged to disclose to the employee the kind of personal data held, including sensitive and confidential information.

4. Do employees have the right to obtain a copy of their personal record, including appraisal reports?
Principle (you may refer to the number in Part (i)): Principle 6
Brief explanation: Yes, but with a few exemptions from the right of access for employment-related data, such as data related to staff planning, or personal data involved in certain kinds of evaluative processes (e.g. employment or appointment to office).

--- End of Test Paper ---
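Worked example for B8 and B9 (added here; it is not part of the test paper): a small Python parser that pulls the four parameters named in B9 (source/destination IP address from the network layer, source/destination port from the transport layer) out of a raw IPv4/TCP packet. The packet bytes are constructed inline with the helper `build_sample_packet`, so addresses and ports are sample values, not captured traffic; the parser honours the IPv4 header-length field so ports are still located correctly when IP options are present.

```python
import struct
import ipaddress


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Return the four forensic identifiers from a raw IPv4 packet carrying TCP."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _total, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4          # IPv4 header length in bytes (20..60)
    if version != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    if proto != 6:                      # 6 = TCP; ports only make sense for TCP/UDP
        raise ValueError(f"IP protocol {proto} is not TCP")
    if len(packet) < ihl + 4:
        raise ValueError("truncated TCP header")
    # Transport layer starts right after the (possibly option-extended) IP header.
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {
        "src_ip": str(ipaddress.IPv4Address(src)),   # network layer
        "dst_ip": str(ipaddress.IPv4Address(dst)),   # network layer
        "src_port": sport,                           # transport layer
        "dst_port": dport,                           # transport layer
    }


def build_sample_packet(src_ip: str, dst_ip: str, sport: int, dport: int,
                        ip_options: bytes = b"") -> bytes:
    """Construct a minimal IPv4+TCP packet for testing (checksums left as zero)."""
    assert len(ip_options) % 4 == 0, "IP options must pad to 32-bit words"
    # TCP header: ports, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ihl_words = (20 + len(ip_options)) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0,
                     20 + len(ip_options) + len(tcp), 0, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return ip + ip_options + tcp


# Constructed sample: documentation-range addresses, client port 51234 -> server port 443
SAMPLE = build_sample_packet("192.0.2.10", "198.51.100.80", 51234, 443)

if __name__ == "__main__":
    print(parse_ipv4_tcp(SAMPLE))
```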