WJEC - A2 ICT
  • Home
    • Messages
    • About the course
    • Timetables
    • Term dates
    • Important dates
    • Useful links
  • Exam
    • Exam Theory
  • Tests
    • Test: Networks
    • Test: the Internet
    • Test: HCIs
    • Test: Working with ICT
    • Test: ICT Security Policies
    • Test: Database Systems
    • Test: Management of Change
    • Test: MIS
    • Test: SDLC
  • Coursework
    • Coursework
    • Rules
    • User Requirements
    • Design Specification
    • Implementation
    • Testing
    • User Documentation
    • Evaluation
  • Progress
    • Option B Progress>
      • Marks - User Requirements
      • Marks - Design Specification
      • Marks - Implementation
      • Marks - Testing
      • Marks - User Documentation
      • Marks - Evaluation
      • Total Marks
    • Option C Progress>
      • Marks - User Requirements
      • Marks - Design Specification
      • Marks - Implementation
      • Marks - Testing
      • Marks - User Documentation
      • Marks - Evaluation
      • Total Marks
  • Careers
    • Careers in ICT and Computing
    • Computer Forensics
    • Cyber Security
    • Network Manager
    • Information Systems Manager
    • Computer Games Designer
    • Computer Aided Design (CAD)

Test:    ICT Security Policies

All of these questions have appeared on past papers.

1          A large company has branches all over the UK and uses its ICT systems to manage 
            customer records and all its financial dealings. The company’s Data Officer has written a 
            security policy to protect the data held by the company.

            Describe the use of user accounts and logs as a way of ensuring the confidentiality of 
            customer records. [2]

2          Explain two other factors which the company should take into account when designing 
            its security policy. [4]

3          A large travel agency has concerns about losing data. They are reviewing their disaster 
            recovery procedures.

            Explain with reasons four factors which should be included in a disaster recovery plan. [8]

4          A Health Authority is very dependent on their ICT system for administration. The Health Authority 
            is undertaking a risk analysis.

            (a)        Describe in detail two of the factors the Health Authority should take into account when 
                        deciding how to develop, control and minimise the risk to data. [2×2]

            (b)        Identify a problem that could arise if steps are not taken to minimise the risk, discuss its 
                         possible impact and describe in detail a suitable strategy to overcome it. [4]

5          Most organisations now have ICT security policies.

             (a)        Discuss in detail the potential threats to data and the possible consequences of 
                          accidental or deliberate destruction of data. Illustrate your answer with distinctly 
                          different examples in each case. [9]

            (b)        Discuss four methods which could be used to prevent the deliberate destruction 
                         or misuse of data. [4×2]

6          A local doctor’s practice uses a network to manage patient records, appointments and all its 
            financial functions. The Practice Manager is worried about the confidentiality of the patient 
            records.

            (a)        Explain why the practice should have a security policy and give two examples of what 
                         this should contain, other than user accounts and logs. [4]

            (b)        Describe the use of user accounts and logs as a way of ensuring the confidentiality 
                         of patient records. [3]

7          Describe two of the factors an organisation needs to consider when producing a risk analysis. [4]

 
Powered by Create your own unique website with customizable templates.