CHENDU COLLEGE OF ENGINEERING & TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
Subject Name: IT2042 INFORMATION SECURITY
Year/Sem: VI/VIII

UNIT I - INTRODUCTION

PART A
1. What is information security? (Nov/Dec 2011)
2. Why is a methodology important in implementing information security? (Nov/Dec 2011)
3. Explain in detail the software development life cycle process. (Nov/Dec 2012)
4. What is SDLC? Illustrate the security of SDLC. (Nov/Dec 2012)
5. Define information security. (May/Jun 2013)
6. List the critical characteristics of information. (May/Jun 2013)
7. Define security. What are the multiple layers of security? (Nov/Dec 2012)
8. When can a computer be a subject and an object of an attack respectively? (Nov/Dec 2012)
9. If the C.I.A. triangle is incomplete, why is it so commonly used in security? (May/Jun 2014)
10. What does it mean to discover an exploit? How does an exploit differ from a vulnerability? (May/Jun 2014)
11. What is C.I.A.?
12. Write a note on the history of information security.
13. What is Rand Report R-609?
14. What is the scope of computer security?
15. What is security?
16. Define physical security.
17. Define personal security.
18. Define operations security.
19. Define communications security.
20. Define network security.
21. Define information security.
22. What are the critical characteristics of information?
23. What is the NSTISSC security model?
24. What are the components of an information system?
25. What is meant by balancing security and access?
26. What are the approaches used for implementing information security?
27. What is SDLC?
28. Explain the different phases of SDLC.
29. What is the security SDLC?
30. How is information security viewed as a social science?
31. What are the information security roles to be played by various professionals in a

PART B
1. List and explain the various components of an information system. (16) (May/Jun 2013)
2. Explain the components of the System Development Life Cycle (SDLC). (16) (May/Jun 2013)
3. List and explain the critical characteristics of an information system. (8) (May/Jun 2014)
4. How is the top-down approach to information security superior to the bottom-up approach? (8) (May/Jun 2014)
5. Sketch and explain the various components of the system development life cycle waterfall methodology. (16) (May/Jun 2014)
6. Describe the critical characteristics of information. How are they used in the study of computer security? (8) (Nov/Dec 2011)
7. Explain the security system development life cycle in detail. (8) (Nov/Dec 2011)
8. Explain the NSTISSC security model and the top-down approach to security implementation. (8) (Nov/Dec 2011)
9. Briefly explain the components of an information system and their security. (8) (Nov/Dec 2011)
10. List and explain the various critical characteristics of information. (16) (May/Jun 2012)
11. Explain the differences between the Systems Development Life Cycle (SDLC) and the security Systems Development Life Cycle (SecSDLC). (May/Jun 2012)
12. What is information security? Describe the critical characteristics of information. (8) (Nov/Dec 2012)
13. Briefly explain the components of an information system. How will you balance security and access? (8) (Nov/Dec 2012)
14. Explain the NSTISSC security model and the bottom-up approach to security implementation. (8) (Nov/Dec 2012)
15. Explain the various phases of the security system development life cycle. (8) (Nov/Dec 2012)
16. Explain the four important functions that information security performs in an organization.
17. What are dual-homed host firewalls? Explain.
18. What are deliberate acts of espionage or trespass? Give examples.
19. What are deliberate software attacks?
20. Explain in detail the different types of cryptanalytic attacks.
21. Enumerate the different types of attacks on computer-based systems.
22. What are the different US laws and international laws on computer-based crimes?
23. Explain in detail the legal, ethical and professional issues during the security investigation.
24. What are threats? Explain the different categories of threat.
25. What is the code of ethics to be adhered to by information security personnel, as stipulated by the different professional organizations?
26. What is intellectual property? How can it be protected?
27. Who are hackers? Explain their levels.

UNIT II - SECURITY INVESTIGATION

PART A
1. Why is information security a management problem? (Nov/Dec 2011)
2. Distinguish between DoS and DDoS. (Nov/Dec 2011)
3. What are the threats to information security? (Nov/Dec 2012)
4. What are the general categories of unethical and illegal behaviour? (Nov/Dec 2012)
5. Why is information security a management problem? What can management do that technology cannot? (May/Jun 2014)
6. What is intellectual property (IP)? Is it offered the same protection in every country of the world? (May/Jun 2014)
7. What is intellectual property? (May/Jun 2013)
8. What is a policy? How is it different from a law? (May/Jun 2013)
9. What are the various types of malware? How do worms differ from viruses? (May/Jun 2012)
10. What is the best method for preventing an illegal or unethical activity? (May/Jun 2012)
11. What are deliberate acts of sabotage and vandalism?
12. What is cyberterrorism?
13. What are deliberate acts of theft?
14. What are deliberate software attacks?
15. What are the forces of nature affecting information security?
16. What are technical hardware failures or errors?
17. What are technical software failures or errors?
18. What is technological obsolescence?
19. What is an attack?
20. What is malicious code?
21. Define virus.
22. Define hoaxes.
23. What is distributed denial-of-service (DDoS)?
24. What is a back door?
25. Define dictionary attack.
26. What are the various forms of attacks?
27. What are the attack replication vectors?
28. What is denial-of-service (DoS)?
29. Define spoofing.
30. Define man-in-the-middle.

PART B
1. Explain the various groups of threats faced by an organization. (8) (Nov/Dec 2011)
2. Discuss the ethical concepts in information security and the prevention of illegal and unethical behaviour. (8) (Nov/Dec 2011)
3. Explain the four important functions of information security in an organization. (8) (Nov/Dec 2011)
4. Describe the attack replication vectors and the major types of attacks. (8) (Nov/Dec 2011)
5. Explain the four important functions of information security in an organization. (8) (Nov/Dec 2012)
6. Explain the ethical concepts in information security. (8) (Nov/Dec 2012)
7. Explain the major types of attack in detail. (16) (Nov/Dec 2012)
8. How does a threat to information security differ from an attack? Explain the five groups of threats to information security. (16) (May/Jun 2014)
9. Briefly explain any four information security professional organizations with their role and motivation. (16) (May/Jun 2014)
10. What is a threat? Brief the five groups of threats with suitable examples. (16) (May/Jun 2012)
11. List any five information security professional organizations with their roles and focuses. (16) (May/Jun 2012)
12. What are deliberate acts of espionage or trespass? Give examples.
13. What are deliberate software attacks?
14. Explain in detail the different types of cryptanalytic attacks.
15. Enumerate the different types of attacks on computer-based systems.
16. What are the different US laws and international laws on computer-based crimes?
17. Explain in detail the legal, ethical and professional issues during the security investigation.
18. What are threats? Explain the different categories of threat.
19. What is the code of ethics to be adhered to by information security personnel, as stipulated by the different professional organizations?
20. What is intellectual property? How can it be protected?
21. Who are hackers? Explain their levels.
22. Explain the attack replication vectors.
23. Discuss in detail the forces of nature affecting information security.
24. Explain deliberate software attacks.

UNIT III - SECURITY ANALYSIS

PART A
1. What is risk management? (Nov/Dec 2011)
2. What is the difference between benchmarks and baselines? (Nov/Dec 2011)
3. What are the rules of thumb applied in selecting the preferred risk mitigation strategy? (Nov/Dec 2012)
4. What do you mean by risk management? (Nov/Dec 2012)
5. Why do networking components need more examination from an information security perspective than from a systems development perspective? (May/Jun 2014)
6. How does a disaster recovery plan differ from a business continuity plan? (May/Jun 2014)
7. Why do we have to do periodic reviews in managing risks? (May/Jun 2013)
8. Give the meaning of "dumpster diving" with respect to information. (May/Jun 2013)
9. In risk management strategies, why does periodic review have to be a part of the process? (Apr/May 2012)
10. What is asset valuation? List any two components of asset valuation. (Apr/May 2012)
11. What are the questions that assist in developing the criteria to be used for asset valuation?
12. Define data classification and management.
13. What are security clearances?
14. Explain the process of threat identification.
15. How are threats identified and prioritized?
16. What are the different threats faced by an information system in an organization?
17. What is vulnerability identification?
18. What is risk assessment?
19. Mention the risk identification estimate factors.
20. Give an example of risk determination.
21. What is residual risk?
22. What is access control?
23. What are the different types of access controls?
24. What is the goal of documenting the results of the risk assessment?
25. Mention the strategies to control the vulnerable risks.
26. What are the different risk control strategies?
27. Write short notes on the incident response plan.
28. Define disaster recovery plan.
29. Define business continuity plan.
30. What are the different categories of controls?

PART B
1. Describe the process of risk identification in detail. (8) (Nov/Dec 2011)
2. Discuss the risk control strategies that guide an organization. (8) (Nov/Dec 2011)
3. Discuss risk assessment and the documentation of its results. (8) (Nov/Dec 2011)
4. Explain the various feasibility studies considered for a project of information security controls and safeguards. (8) (Nov/Dec 2011)
5. Explain the risk identification process in detail. (8) (Nov/Dec 2012)
6. Explain the various ways of categorizing the controls. (8) (Nov/Dec 2012)
7. Discuss risk assessment in detail. (8) (Nov/Dec 2012)
8. Discuss the different risk control strategies. (8) (Nov/Dec 2012)
9. Explain the process of risk assessment and documenting the results of risk assessment. (16) (May/Jun 2014)
10. What is cost benefit analysis (CBA)? Explain with a suitable formula. (8) (May/Jun 2014)
11. What is benchmarking? Explain the metrics-based measures used by organizations to compare practices. (May/Jun 2014)
12. Sketch and explain the components of the risk identification process. (May/Jun 2013)
13. Brief about the data classification and management process. (8) (May/Jun 2013)
14. List and explain the different types of access control. (8) (May/Jun 2013)
15. Illustrate the process of identifying and assessing risks with a suitable example. (16) (Apr/May 2012)
16. Brief any four risk control strategies. (8) (Apr/May 2012)
17. Sketch and explain the risk control cycle process. (8) (Apr/May 2012)
18. Explain in detail the three types of security policies (EISP, ISSP and SysSP).
19. What is an information security blueprint? Explain its salient features.
20. Explain the roles to be played by the communities of interest to manage the risks an organization encounters.
21. Explain the process of risk assessment.
22. Explain briefly the plans adopted for mitigation of risks.
23. Explain how risk controls are effectively maintained in an organization.
24. Write short notes on a) incident response plan b) disaster recovery plan c) business continuity plan.
25. Explain in detail the process of asset identification for the different categories.
26. Explain the process of information asset valuation.
27. Discuss briefly data classification and management.
28. Explain the process of threat identification.
29. Explain the process of vulnerability identification and assessment for the different threats faced by an information security system.

UNIT IV - LOGICAL DESIGN

PART A
1. What are information security policies? (Nov/Dec 2011)
2. What are the inherent problems with ISO 17799? (Nov/Dec 2011)
3. What are the types of information security policies? (Nov/Dec 2012)
4. What is contingency planning? (Nov/Dec 2012)
5. What resources are available on the web to assist an organization in developing best practices as part of a security framework? (May/Jun 2014)
6. What is an after-action review? When is it performed? Why is it done? (May/Jun 2014)
7. Define policy and standards. (May/Jun 2013)
8. Give any five major sections of the ISO/IEC 17799 standard. (May/Jun 2013)
9. What is the difference between a management, an operational and a technical control? When would each be applied as part of a security framework? (Apr/May 2012)
10. What measurement do you use when preparing a potential damage assessment? (Apr/May 2012)
11. List the management controls of NIST SP 800-26.
12. Mention the operational controls of NIST SP 800-26.
13. What are the technical controls of NIST SP 800-26?
14. What is the sphere of protection?
15. What is defense in depth?
16. What is a security perimeter?
17. What are the key technological components used for security implementation?
18. What is a systems-specific policy (SysSP)?
19. What is the importance of the blueprint?
20. What are the approaches to ISSP?

PART B
1. Explain the different types of information security policies. (8) (Nov/Dec 2011)
2. Discuss the features of the VISA international security policies. (8) (Nov/Dec 2011)
3. Explain the NIST security model in detail. (8) (Nov/Dec 2011)
4. Explain the various components used in designing the security architecture. (8) (Nov/Dec 2011)
5. Explain ISO 17799/BS 7799. (8) (Nov/Dec 2012)
6. Explain the VISA international security model. (8) (Nov/Dec 2012)
7. Explain the major steps involved in contingency planning. (16) (Nov/Dec 2012)
8. Briefly explain issue-specific security policies and the VISA international security model. (16) (May/Jun 2014)
9. Explain the process of business impact analysis and incident response planning with a real-time example. (16) (May/Jun 2014)
10. What is the purpose of the ISO/IEC 17799 standard? Brief the ten major sections of the ISO/IEC 17799 standard. (16) (Apr/May 2012)
11. Draw the architecture of intrusion detection systems (IDSs). (8) (Apr/May 2012)
12. Describe the various processes involved in business impact analysis (BIA). (8) (Apr/May 2012)
13. Explain NIST SP 800-14.
14. Explain the sphere of protection with a neat sketch.
15. Explain the key technological components used for security implementation.
16. Write short notes on i. defense in depth ii. security perimeter.
17. Write short notes on i. incident response plan (IRP) ii. disaster recovery plan iii. business continuity plan.
18. What is business impact analysis? Explain the different stages of BIA in detail.
19. Explain the key technology components.

UNIT V - PHYSICAL DESIGN

PART A
1. Distinguish between symmetric and asymmetric encryption. (Nov/Dec 2011)
2. What are the credentials of information security professionals? (Nov/Dec 2011)
3. What are the advantages and disadvantages of using honeypot approaches? (Nov/Dec 2012)
4. What are the major sources of physical loss? (Nov/Dec 2012)
5. What is the difference between digital signatures and digital certificates? (May/Jun 2014)
6. How do the security considerations for temporary or contract employees differ from those for regular full-time employees? (May/Jun 2014)
7. What is a content filter? (May/Jun 2013)
8. List any four physical security controls. (May/Jun 2013)
9. What is a spam filter in the context of e-mail? Where is it placed in the network to gain the best result for the organization? (Apr/May 2012)
10. List the criteria for selecting information security personnel. (Apr/May 2012)
11. What are screened-host firewall systems?
12. What is the use of an application proxy?
13. What are dual-homed host firewalls?
14. What is the use of NAT?
15. What are screened-subnet firewalls?
16. What are the factors to be considered while selecting the right firewall?
17. What are SOCKS servers?
18. What are the recommended practices in designing firewalls?
19. What are intrusion detection systems (IDS)?
20. What are the different types of IDSs?
21. Define NIDS.
22. What is HIDS?
23. What is the use of HIDS?
24. What is an application-based IDS?
25. What is a signature-based IDS?
26. What is an LFM (log file monitor)?
27. What are honeypots?
28. What are honeynets?
29. What are padded cell systems?
30. What are the advantages and disadvantages of using the honeypot or padded cell approach?
31. What are footprinting and fingerprinting?
32. What are vulnerability scanners?
33. Define packet sniffers.
34. What is cryptography?
35. What is cryptanalysis?
36. Define encryption.
37. Define decryption.
38. What is public key infrastructure (PKI)?
39. What are the PKI benefits?
40. How are e-mail systems secured?
41. What are the seven major sources of physical loss?
42. What is a secure facility?
43. What are the controls used in a secure facility?
44. What are the functions of the Chief Information Security Officer?

PART B
1. Discuss the different types of intrusion detection systems. (8) (Nov/Dec 2011)
2. Describe the access controls used for providing physical security. (8) (Nov/Dec 2011)
3. Write short notes on the scanning and analysis tools used during design. (8) (Nov/Dec 2011)
4. Discuss the cryptographic tools used for providing security. (8) (Nov/Dec 2011)
5. Discuss the generations of firewalls in detail. (8) (Nov/Dec 2012)
6. Explain the physical security plans to detect and respond to fires and fire hazards. (8) (Nov/Dec 2012)
7. Explain the various types of intrusion detection systems. (8) (Nov/Dec 2012)
8. Discuss the roles and responsibilities of information security staff. (Nov/Dec 2012)
9. Explain the working model of a single round of the DES encryption algorithm with neat sketches. Also compare DES and SDES. (16) (May/Jun 2014)
10. How does a screened host firewall architecture differ from a screened subnet firewall architecture? Which offers more security for the information assets that remain on the trusted network? Explain with neat sketches. (16) (May/Jun 2014)
11. Explain the different types of intrusion detection systems (IDS), with their advantages and disadvantages. (16) (May/Jun 2013)
12. Brief about the various cryptography tools. (8) (May/Jun 2013)
13. List and describe the credentials of the various information security certifications. (8) (May/Jun 2013)
14. What is a firewall? Explain the different types of firewall with implementation model and configuration. (16) (Apr/May 2012)
15. Explain the various components of a single round of the DES encryption algorithm with a neat diagram. (10)
16. In a public key cryptosystem using the RSA algorithm, you catch the ciphertext 11 sent to a user whose public key is (7, 187). What is the plaintext message? (Apr/May 2012)
17. What is cryptography? Define the various encryption terms used.
18. What is the RSA algorithm? Explain the different steps.
19. What are the different possible attacks on cryptosystems?
20. List and describe the four categories of locks.
21. Explain with a diagram the different positions in information security.
22. What are the functions of a) the CISO b) the Information Security Manager c) the Security Technician?
23. How are the credentials of information security personnel assessed?
24. What certifications should information security personnel acquire to fit their roles?
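Worked solution to Unit V, Part B, question 16 (ciphertext 11, public key (7, 187)), as an added example; this code is not part of the original question bank. It assumes Python 3.8 or later (for the modular inverse via pow(e, -1, phi)). The attacker's step that makes the exercise solvable is factoring the modulus, which is only possible here because n = 187 is tiny; the square-and-multiply trace is included so the exponentiation can be written out step by step the way an exam answer would.

```python
"""Recover the RSA plaintext from c = 11 under the public key (e, n) = (7, 187).

Added example, not from the original question bank. Textbook RSA (no padding),
tiny modulus: the eavesdropper simply factors n, derives d, and decrypts.
"""
from math import isqrt


def factor_small_modulus(n: int) -> tuple[int, int]:
    """Trial-divide n into (p, q) with p <= q.

    Feasible only because n is tiny. A real 2048-bit modulus cannot be
    factored this way, which is the whole security assumption of RSA.
    """
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError(f"{n} has no non-trivial factor")


def private_exponent(e: int, p: int, q: int) -> int:
    """d = e^(-1) mod phi(n), with phi(n) = (p - 1)(q - 1)."""
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)  # raises ValueError if gcd(e, phi) != 1


def modexp_trace(base: int, exp: int, mod: int) -> list[tuple[str, int]]:
    """Left-to-right square-and-multiply, recording every intermediate value.

    The last accumulator equals pow(base, exp, mod); the list is the
    "show your work" an exam answer needs.
    """
    acc = 1
    steps: list[tuple[str, int]] = []
    for bit in bin(exp)[2:]:
        acc = (acc * acc) % mod
        steps.append(("square", acc))
        if bit == "1":
            acc = (acc * base) % mod
            steps.append(("multiply", acc))
    return steps


def recover_plaintext(c: int, e: int, n: int) -> dict:
    """Full attack on textbook RSA with a factorable modulus.

    Returns the factors, phi(n), the private exponent and the plaintext,
    after checking that re-encryption reproduces the captured ciphertext.
    """
    p, q = factor_small_modulus(n)
    d = private_exponent(e, p, q)
    m = pow(c, d, n)
    if pow(m, e, n) != c:  # sanity check: m^e mod n must give c back
        raise ArithmeticError("re-encryption does not reproduce the ciphertext")
    return {"p": p, "q": q, "phi": (p - 1) * (q - 1), "d": d, "m": m}


if __name__ == "__main__":
    # The exercise's numbers: public key (e, n) = (7, 187), captured ciphertext 11.
    result = recover_plaintext(c=11, e=7, n=187)
    print(f"n = {result['p']} * {result['q']}, phi(n) = {result['phi']}")
    print(f"d = {result['d']}  (since 7 * {result['d']} = {7 * result['d']} = 1 mod {result['phi']})")
    for op, value in modexp_trace(11, result["d"], 187):
        print(f"  {op:8s} -> {value}")
    print(f"plaintext m = {result['m']}")
```

The run gives n = 11 * 17, phi(n) = 160, d = 23 (7 * 23 = 161 = 1 mod 160) and m = 11^23 mod 187 = 88; re-encrypting, 88^7 mod 187 = 11, matching the captured ciphertext. The same `recover_plaintext` call works for any exam-sized key, and it also illustrates why deployed RSA uses moduli of 2048 bits or more together with padding (OAEP) rather than the bare m^e mod n used here.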