CS507 Information Systems Assignment 4 solution Fall 2012

Question 1:   (5 Marks)

Following is a class diagram.

You are required to analyze the above class diagram and identify:


1. The type of relationship among classes

2. Attributes  

Class: Customers

Object/Instance: A particular

Methods (Operations related to the objects): Add, update, delete, validate, etc.

Attribute: Name, Address, etc.

Relationship is Inheritance. A person can be a student and teacher. 

Inheritance is usually identified by the phrase “is a kind of.” For example, the term “automobile” is a
generalization of “van”, “car”, “truck”, and many others. Conversely, we can say that since cars are
automobiles, they inherit all the properties common to all automobiles, e.g. engine, steering, etc.,
but the capacity and type of engine and the size of steering will be different for each class; based on these
differences sub-classes are created. Two concepts are used in relation to inheritance; generalization and

Question 2:   (5 Marks)

Suppose you are working as an IT security professional in a multinational organization. Given below is a list of possible threats that can harm the information system of this organization. Your task is to identify which of the following threats are logical and which are physical.

1. Bomb attack: Physical

2. Flood: Physical

3. Loss of electricity: Physical

4. Malicious code: Logical

5. Unauthorized changes of records: Logical

Question 3:   (5 Marks)

According to the annual risk assessment of a multinational organization ABC, the following are the results.

1. The probability of power failure in a one-year period is 25 percent and the loss while power is down is Rs. 752500 on average for each occurrence.

2. User errors have a 95 percent chance of occurring over a yearly period, with an average loss of Rs. 15200 for each occurrence.

You have to calculate the amount of expected loss (annual) for the power failure and user error risks.


In the fourth step of the exposure analysis, the amount of expected loss is computed through the following formula:

A = B x C x D

1. A = Expected Loss

2. B = Chances (in %) of threat occurrence

3. C = Chances (in %) of Threat being successful

4. D = Loss which can occur once the threat is successful


A = 25% * 75% * 752500

= 141,093.75