TU Wien: IT Security in Large IT Infrastructures VU (Fankhauser)/Exam 2017-06-23
- (20 pts.) Explain 5 organizational security compliance aspects and why they are essential in large IT infrastructures
- (20 pts.) ISMS
  - What is it?
  - Name the 3 ISMS requirements (or procedures?) and explain them
  - Why does an ISMS help in large IT infrastructures? (-> e.g. it is hard and unnecessary paperwork for small infrastructures, and everyone knows everything anyway; international vs. local, traceability needed when having 9999 staff)
  - Why is it important for an ISMS to play along with the management?
- (20 pts.) 10 aspects that arise while penetration testing + connection to large IT infrastructures
- (10 pts.) A CEO and a CISO are talking about founding a startup. They have good ideas to reach a large, international user base, but they still disagree on speed vs. security. The CEO wants the system+app up and done yesterday, and the CISO wants this to be a very secure system, which would lead to a later deployment date. Explain the pros and cons of both approaches.
- (20 pts.) Architecture around Deutsche Gesundheitskarte
  - What are the "multiple layers of security"? Explain each layer briefly. (-> see slide 9 "Mehrschichtige Sicherheitsmechanismen")
  - What's the advantage of having multiple layers? + connection to large IT infrastructures
  - What is CVC?
- (10 pts.) Connected cars: you found a security hole in the car, and now you have to recall over 9000 cars. What 2 issues do you have when you have to recall them? How could you avoid this situation? + connection to large IT infrastructures (-> international, many users)