Download CHENDU COLLEGE OF ENGINEERING &TECHNOLOGY

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
Subject Name:IT2042 INFORMATION SECURITY
Year/Sem : VI/VIII
UNIT I - INTODUCTION
PART -A
1. What is information security?nov/dec2011
2. Why is a methodology important in implementing the information security? nov/dec2011
3. Explain in detail about software development life cycle process.nov/dec2012
4. What is SDLC? Illustrate the security of SDLC. nov/dec2012
5. Define information security.may/jun 2013
6. List the critical characteristics of information. may/jun 2013
7. Define security. what are the multiple layers of security.nov/dec2012.
8. When can a computer be a subject and an object of an attack respectively? nov/dec2012.
9. If the C I A triangle is incomplete ,why is it so commonly used in security?may/jun 2014.
10. What does it mean to discover an exploit ?how does an exploit differ from vulnerability?
May/jun 2014
11. What is C.I.A?
12. Write a note on the history of information security
13. What is Rand Report R-609?
14. What is the scope of computer security?
15. What is Security?
16. Define Physical security
17. Define Personal Security
18. Define Operations security
19. Define Communications security
20. Define Network security
21. Define Information security
22. What are the critical characteristics of information?
23. What is NSTISSC Security model?
24. What are the components of an information system?
25. What is meant by balancing Security and Access?
26. What are the approaches used for implementing information security?
27. What is SDLC?
28. Explain different phases of SDLC
29. What is Security SDLC?
30. How information security is viewed as a social science?
31. What are the information security roles to be played by various professionals in a
PART -B
1. List and explain the various components of an information system.(16) may/jun 2013
2. Explain the components of System Development Life Cycle (SDLC) .(16) may/jun 2013
3. List and explain the critical characteristics of information system(8) may/jun 2014
4. How is the top down approaches to information security superior to the bottom up
approaches.(8) may/jun 2014
5. Sketch and explain the various components of system development life cycle waterfall
methodology?(16) may/jun 2014
6. Describe the critical characteristics of information. how are they used in the study of computer
security.(8) nov/dec2011
7. Explain the security system development life cycle in detail.(8) nov/dec2011
8. Explain the NSTISSC security model and the top down approaches to security
implementations.(8) nov/dec2011
9. Briefly explain the components of an information system and their security.(8) nov/dec2011
10. List and explain the various critical characteristics of information.(16)may/jun 2012
11. Explain the differences between Systems Development Life Cycle(SDLC) and security Systems
Development Life Cycle(Sec SDLC) may/jun 2012
12. what is information security .Describe the critical characteristics of information.(8) nov/dec2012
13. Briefly explain the components of an information system. How will you balance the security
and access?(8) nov/dec2012
14. Explain the NSTISSC security model and the bottom up approaches to security
implementation.(8) nov/dec2012
15. Explain the various phase of security system development life cycle.(8) nov/dec2012
16. Explain the four important functions, the information security performs in an organization
17. What are dual homed host firewalls? Explain
18. What are deliberate acts of Espionage or trespass. Give examples.
19. What deliberate software attacks?
20. Explain in detail the different types of cryptanalytic attacks
21. Enumerate different types of attacks on computer based systems.
22. What are different US laws and International laws on computer based crimes?
23. Explain in detail the Legal, Ethical and Professional issues during the security investigation
24. What are threats? Explain the different categories of threat
25. What is the code of ethics to be adhered to by the information security personnel stipulated by
different professional organizations?
26. What is Intellectual property? How it can be protected?
27. Who are Hackers? Explain its levels
UNIT II-SECURITY INVESTIGATION
PART –A
1.Why is information security a management problem?nov/dec2011
2. Distinguish between DoS and DDoS. nov/dec2011
3. What are the threats to information security. nov/dec 2012
4. What are the general categories of unethical and illegal behaviour? nov/dec 2012
5. Why is information security a management problem?What can managements do that
technology cannot? May/jun 2014
6. What is intellectual property(IP)? Is it offered the same protection in every country of the
world?
May/jun 2014
7. What is intellectual property? May/jun 2013
8. What is a policy?How it it different form a law? May/jun 2013
9. What are the various types of malware?How do worms differ from viruses? May /jun 2012
10. What is the best method for preventing an illegal or unethical activity? May /jun 2012
11. What is deliberate acts of sabotage and vandalism?
12. What is Cyber terrorism?
13. What are the deliberate acts of theft?
14. What are deliberate software attacks?
15. What are the forces of Nature affecting information security?
16. What are technical hardware failures or errors?
17. What are technical software failures or errors?
18. What is technological obsolescence?
19. What is an attack?
20. What is a malicious code?
21. Define Virus
22. Define Hoaxes
23. What is Distributed Denial-of-service (DDoS)?
24. What is Back Door?
25. Define Dictionary attack
26. What are the various forms of attacks.
27. What are the attack replication vectors?
28. What is Denial-of-service (DoS) ?
29. Define Spoofing
30. Define Man-in-the-Middle
PART -B
1. Explain the various group of threats faced by an organization.(8) nov/dec 2011
2. Discuss the ethical concepts in information security and the preventation to illegal and unethical
behaviour.(8) nov/dec 2011
3. Explain the four important function of information security in an organization.(8) nov/dec 2011
4. Describe the attack replication vectors antd the major types of attacks.(8) nov/dec 2011
5. Explain the four important function of information security in an organization.(8)
nov/dec2012
6. Explain the ethical concepts in information security.(8) nov/dec2012
7. Explain the major types of attack in details.(16) nov/dec2012
8. How does a threat to information security differ from an attack?Explain the give groups of threats
to
information security.(16) may/jun 2014
9. Briefly explain about any four information security professional organization with their role and
motivation.(16) may/jun 2014
10. What is threat?Brief the five group of threats with suitable example.(16) may/jun 2012
11. List any five information security professional organization with their role and focuses.(16)
may/jun
2012
12. What are deliberate acts of Espionage or tresspass. Give examples.
13. What deliberate software attacks?
14. Explain in detail the different types of cryptanalytic attacks
15. Enumerate different types of attacks on computer based systems.
16. What are different US laws and International laws on computer based crimes?
17. Explain in detail the Legal, Ethical and Professional issues during the security investigation
18. What are threats? Explain the different categories of threat
19. What is the code of ethics to be adhered to by the information security personnel stipulated by
different professional organizations?
20. What is Intellectual property? How it can be protected?
21. Who are Hackers? Explain its levels
22. Explain the attack replication vectors
23. Discuss in detail the forces of Nature affecting information security
24. Explain deliberate software attacks
UNIT III-SECURITY ANALYSIS
PART –A
1. What is risk management?nov/dec 2011
2. What is the difference between benchmark and base lines?nov/dec2011
3. What are the thumb rules applied in selecting the preferred risk mitigation strategy? Nov/dec
2012
4. What do yo mean by risk management?nov/dec2012
5. Why do networking components need more examination from an information security
perspective than from a system development perspective?may/jun 2014
6. How does a disaster recovery plan different from a business continuity plan?may/jun 2014
7. Why do we have to do periodic reviews in managing risks?may/jun 2013
8. Give the meaning of “dumpster diving”with respect to information?may/jun2013
9. In risk management strtgies why does periodic review have to be a part of the
process?apr/maY 2012
10. What is assesst valuation?List any two components of assesst valuation?
apr/may 2012
11. What are the Questions to assist in developing the criteria to be used for asset valuation?
12. Define data classification and management.
13. What are security clearances?
14. Explain the process of threat identification?
15. How to identify and Prioritize Threats?
18. What is Risk assessment?
16. What are the different threats faced by an information system in an Organization?
17. What is Vulnerability Identification?
19. Mention the Risk Identification Estimate Factors
20. Give an example of Risk determination.
21. What is residual risk?
22. What is access control?
23. What are the different types of Access Controls?
24. What is the goal of documenting results of the risk assessment?
25. Mention the strategies to control the vulnerable risks.
26. What are the different risk control strategies?
27. Write short notes on Incidence Response Plan
28. Define Disaster Recovery Plan
29. Define Business Continuity Plan
30. What are different categories of controls?
PART -B
1. Describe the process of risk identification in detail.(8)nov/dec 2011
2. Discuss the risk control strategies that guide an organization (8)nov/dec2011
3. Discuss the risk assessment and the documentation of its results.(8) nov/dec2011
4. Explain the various feasibility studies considered for a project of information security controls
and safeguards.(8)nov/dec2011
5. Explain the riskidentification process in detail.(8)nov/dec2012
6. Explain the various ways of categorizing the controls.(8) nov/dec2012
7. Discuss the risk assessment in detaiol(8) nov/dec2012.
8. Discuss the different risk control strategies.(8) nov/dec2012.
9. Explain the process of riskassessment and documenting the result of risk
assessment.(16)my/jun2014
10. What is the cost benefit analysis (CBA)?Explain with suitable formula.(8)may/jun 2014
11. What is benchmarking?Explain the metrices based measures used by the organization to c
compare practices. May/jun2014
12. Sketch and explain the components of risk identificationprocess.may/jun2013
13. Brief about the data classification and management process(8)may/jun 2013
14. List and explain the different types of access control.(8) may/jun 2013
15. Illustrate the process of identifying and assessment risks wit hsuitable example.(16)apr/may
2012
16. Brief any four risk control strategies .(8)apr/may2012
17. Sketch and explain the risk control cycle process.(8)apr/may2012
18. Explain in detail the three types of Security policies (EISP,ISSP and sysSP).
19. What is Information Security Blue print? Explain its salient features.
20. Explain the roles to be played by the communities of interest to manage the risks an
organization encounters
21. Explain the process of Risk assessment
22. Explain briefly the plans adopted for mitigation of risks
23. Explain how the risk controls are effectively maintained in an organization
24. Write short notes on a) Incidence Response Plan b)Disaster Recovery Plan c)Business
continuity plan
25. Explain in detail the process of asset identification for different categories
26. Explain the process of Information asset valuation
27. Discuss briefly data classification and management
28. Explain the process of threat identification?
29. Explain the process of vulnerability identification and assessment for different threats faced
by an information security system.
UNIT IV-LOGICAL DESIGN
PART –A
1. What is information security policies?Nov/dec2011
2. What are the inherent problems with ISO 17799?nov/dec2011
3. What are types of information security policies?nov/dec2012
4. What is contingency planning?nov/dec2012
5. What resources are available on the web to assist an organization in developing best practices
as part of a security framework?may/jun2014
6. What is an after action review?When is it performed?Why is it done?may/jun2014
7. Define policy and standards.may/jun2013
8. Give any five major section of ISO/IEC17799 standards.may/jun2013
9. What is the difference between a management an operational and a technical control?When
would each be applied as part of a security framework?apr/may 2012
10. What measurement do you use when preparing potential damage assessment?apr/may2012
11. List the management controls of NIST SP 800-26
12. Mention the Operational Controls of NIST SP 800-26
13. What are the Technical Controls of NIST 800-26?
14. What is Sphere of protection?
15. What is Defense in Depth?
16. What is Security perimeter?
17. What are the key technological components used for security implementation?
18. What is Systems-Specific Policy (SysSP)?
19. What is the importance of blueprint?
20. What are the approaches of ISSP?
PART -B
1. Explain the different types of information policies.(8)nov/dec2011
2. Discuss the features of VISA international security policies.(8) nov/dec2011
3. Explain the NIST security model in detail.(8) nov/dec2011
4. Explain the various components used in designing the security architecture.(8) nov/dec2011
5. Explain ISO 17799/BS 7799(8)nov/dec2012
6. Explain VISA international security model(8) nov/dec2012
7. Explain the major steps involves in contingency palnning.(16) nov/dec2012
8. Briefly explain the issues specific security policies and VISA international security
model.(16)may/jun2014.
9. Explain the process of business impact analysis and incident response planning with an
realtime example.(16) may/jun2014
10. What is the purpose of ISO/IEC 17799 standard?Brief the ten major section of ISO/IEC
17799 standards?(16)apr/may 2012
11. Draw the architecture of intrusion detection system.(IDSs)(8) apr/may 2012
12. Describe the various process involved in business impact analysis.(BIA)(8) apr/may 2012
13. Explain NIST SP 800-14
14. Explain Sphere of protection with a neat sketch
15. Explain the key technological components used for security implementation
16. Write short notes on
i. Defense in depth
ii. Security perimeter
17. Write short notes on
i. Incident Response plan(IRP)
ii. Disaster Recovery Plan
iii. Business Continuity Plan
18. What is Business Impact Analysis? Explain different stages of BIA in detail.
19. Explain Key technology component
UNIT V-PHYSICAL DESIGN
PART –A
1. Distinguish between symmetric and asymmetric encryption.nov/dec2011
2. What are the credentials of imformation security professionals?nov/dec 2011
3. What are the advantages and disadvantages of using honeypot approaches?nov/dec2012
4. What are the major sources of physical loss?nov/dec2012
5. What is the differences between digital signatures and digital certificates?may/jun2014
6. How do the security consideration for temporary or contract employees differ from those of
the regular fill time employee?may/jun2014
7. What is a content filter?may/jun2013
8. List any four physical security controls. May/jun2013
9. What is the spam filter in the context of email?Whre the placed in thr network yo gain the
best result for the organization?apr/may2012
10. List the criteria for selecting information security personnel.apr/may2012
11. What are Screened-Host Firewall Systems
12. What is the use of an Application proxy?
13. What are dual homed host firewalls?
14. What is the use of NAT?
15. What are Screened-Subnet Firewalls?
16. What are the factors to be considered while selecting a right firewall?
17. What are Sock Servers?
18. What are the recommended practices in designing firewalls?
19. What are intrusion detection systems(IDS)?
20. What are different types of IDSs?
21. Define NIDS
22. What is HIDS?
23. What is the use of HIDS?
24. What is Application-based IDS?
25. What is Signature-based IDS?
26. What is LFM?
27. What are Honey Pots?
28. What are Honey Nets?
29. What are Padded Cell Systems?
30. What are the advantages and disadvantages of using honey pot or padded cell approach?
31. What are foot printing and finger printing?
32. What are Vulnerability Scanners?
33. Define Packet Sniffers
34. What is Cryptography?.
35. What is Cryptoanalysis?
36. Define Encryption
37. Define Decryption
38. What is Public Key Infrastructure (PKI)?
39. What are the PKI Benefits
40. How E-mail systems are secured?
41. What are the seven major sources of physical loss?
42. What is a Secure Facility?
43. What are the controls used in a Secure Facility?
44. What are the functions of Chief Information Security officer?
PART -B
1. Discuss the different types of intrusion detective systems.(8)nov/dec2011
2. Describe the access controls used for providing physicalsecurity.(8)nov/dec2011
3. Write short notes on scanning and analysis tools used during design.(8)nov/dec2011
4. Discuss the cryptographic tools used for providing the security.(8)nov/dec2011
5. Discuss the generation of fire wall in detail.(8)nov/dec 2012
6. Explain the physical security plans to detect and respond to fires and fire hazards.(8)
nov/dec2012
7. Explain the various types of intrusion detection systems.(8)nov/dec2012
8. Discuss the roles and responsibilities of information security staff.no/dec2012
9. Explain the working model of single round DES encryption algorithm with neat sketches
.Also Compare DES and SDES.(16)may/jun2014
10. How does a screened host architecture for firewall differ from a screened subnet firewall
architecture?Which offers more security for the information assets that remins on the trusted
network?Explain with neat sketches(16)may/jun2014
11. Explain the different types of intrusion detection systems(IDS) their advantages and
disadvantages.(16)may/jun2013
12. Brief about the various cryptography tools.(8)may/jun 2013
13. List and describe thecredentials of the various information security certifications.(8)may/jun
2013
14. What is a firewall? Explain the different types of firewall with implemenatation model and
configuration.(16)apr/may2012
15. Explain the various components of single round DES encryption algorithm with a neat
diagram.(10)
16. In a public key cryptosystemusing RSA algorithm ,you catch the cipher text 11 sent to a user
whose public key is (7,187).what is the plain text message?apr/may 2012
17. What is cryptography? Define various encryption terms used.
18 What is RSA algorithm? Explain different steps>
19. What are different possible attacks on crypto systems?
20. List and describe four categories of locks?
21. Explain with a diagram different positions in Information security.
22. What are the functions of
a)CISO
b) Information Security Manager
c) Security Technician
23. How the credentials of Information Security Personnels are assessed?
24. What are the certifications the Information Security Personnels should acquire for fitting
into their roles?