Answer ALL questions in this section. Please write the question number cleary in your answer scripts. QUESTION 1 a) The C.I.A. triad has been the standard for computer security since the early days of the invention of the digital mainframe computer. However, the vast array of constantly evolving threats has prompted the development of a more robust model to meet the unique characteristics of information security. Outline THREE (3) other major characteristics, in addition to the C.I.A. triad, that will sufficiently address the complexities of today's and future information security environment. (6 marks) b) Outline the main differences between Discretionary Access Control (DAC) and RoleBased Access Control (RBAC) policies. Provide ONE (1) example of an application that employs DAC policy and ONE (1) example of an application that employs RBAC policy. (8 marks) c) Suppose that UNIMY has the following type of documents in its database. Create a suitable and concise data classification and user accessibility/privilege system on a need-to-know basis i.e., a system that is well-balanced in terms of an adequate level of data privacy/protection, accessibility, convenience and with minimum administrative efforts to manage. Clearly identify all the end-users and their access privilege for each of the data types below based on the data classification system you have designed. Board of Directors meeting minutes, company resolutions; University Senate papers, meeting mimutes; Student registration, Statement of Account, Course files, Exam questions, Exam results; Bank account statements, Audited accounts \& reports, Staff salaries; Staff personal profile, performance appraisals, training certificates; Research project status, Research papers Gotmals, conferences); Building floorplan, Repair \& Replacement records, Utilities (electricity \& water) (11 marks)