Read the scenario below and answer ALL the questions that follow.

Securing Organizational Information Systems Access Control

A leading business organization recognized the paramount importance of safeguarding sensitive employee and customer

information through robust Information Systems Access Control. Problems surfaced in the application of access control

principles, prompting an Information Systems Access Control strategic initiative.

The organization then set about putting together committees consisting of Information Systems users at various levels of

function within the organization. Each committee was led by up to two Information Systems or Cybersecurity experts with

one of the two being the sitting committee chairman. The role of each committee was to specifically identify common

Information Systems access control violations at all institutional user levels within the organization.

After the identification of all possible Information Systems access control violations at all institutional user levels within

the organization, each committee chairman and his co$-$cybersecurity expert within the same team, would then have to

assess and verify the efficacy of the known fundamental principles that guide the implementation of secure and efficient

information resource access against the most common violations as identified by the committees. This assessment and

verification process was necessary because it made it possible for cybersecurity experts to assess the effectiveness of

the application of each principle considering what would have been found to be the most common access control

violations as perpetrated by the business organization$$s overall user community.

QUESTION $1(20$ Marks$)$

Examine the access control phases that a system goes through in order to finally provide access to information resources

for users.

QUESTION $2(20$ Marks$)$

Provide an analysis that involves the identification, significance as well as implementation challenges of the fundamental

principles on which access control is based.

SECTION B $[60$ MARKS$]$

Answer ANY THREE $(3)$ questions in this section.

QUESTION $3(20$ Marks$)$

Compare and contrast two $(2)$ activities that are linked to Information Security, namely espionage and competitive

intelligence. In your answer, examine the type of individuals who are mainly responsible for the perpetration of espionage.

QUESTION $4(20$ Marks$)$

Critically analyse the six $(6)$ P$\text{'}$s of Information Security by articulating how and why they should be used to properly guide

Information Security in an organisation.

QUESTION $5(20$ Marks$)$

Provide an analysis of how a database proxy can be used to protect an organisation's data resources from cyber$-$attacks.