DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

INFORMATION SECURITY

Unit 1

2 Marks


1. What is information security?
2. What is C.I.A?
3. Write a note on the history of information security
4. What is Rand Report R-609?
5. What is the scope of computer security?
6. What is Security?
7. Define Physical security
8. Define Personal Security
9. Define Operations security
10. Define Communications security
11. Define Network security
12. Define Information security
13. What are the critical characteristics of information?
14. What is NSTISSC Security model?
15. What are the components of an information system?
16. What is meant by balancing Security and Access?
17. What are the approaches used for implementing information security?
18. What is SDLC?
19. Explain different phases of SDLC
20. What is Security SDLC?
21. How is information security viewed as a social science?
22. What are the information security roles to be played by various professionals in a
typical organization?

23. What are the three types of data ownership and their responsibilities?
24. What is the difference between a threat agent and a threat?
25. What is the difference between vulnerability and exposure?
26. What is an attack?
27. What is hacking?
28. What is a security blueprint?
29. What is MULTICS?
30. What is ARPANET?
31. Define E-mail spoofing

16 Marks

1) Explain the four important functions, the information security performs in an organization
2) What are dual homed host firewalls? Explain
3) What are deliberate acts of Espionage or trespass? Give examples.
4) What are deliberate software attacks?
5) Explain in detail the different types of cryptanalytic attacks
6) Enumerate different types of attacks on computer based systems.
7) What are different US laws and International laws on computer based crimes?
8) Explain in detail the Legal, Ethical and Professional issues during the security investigation
9) What are threats? Explain the different categories of threat
10) What is the code of ethics to be adhered to by the information security personnel stipulated by
different professional organizations?
11) What is Intellectual property? How can it be protected?
12) Who are Hackers? Explain the levels of hackers
13) Explain the attack replication vectors
14) Discuss in detail the forces of Nature affecting information security

Unit 2

2 Marks


1) What are the four important functions, the information security performs in an
organization?
2) What are threats?
3) What are the different categories of threat? Give Examples.
4) What are different acts of Human error or failure?
5) How can human error be prevented?
6) What is Intellectual property?
7) How can Intellectual property be protected?
8) What are deliberate acts of espionage or trespass?
9) Who are Hackers? What are the two hacker levels?
10) What is information extortion?
11) What are deliberate acts of sabotage and vandalism?
12) What is Cyber terrorism?
13) What are the deliberate acts of theft?
14) What are deliberate software attacks?
15) What are the forces of Nature affecting information security?
16) What are technical hardware failures or errors?
17) What are technical software failures or errors?
18) What is technological obsolescence?
19) What is an attack?
20) What is a malicious code?
21) Define Virus

22) Define Hoaxes
23) What is Distributed Denial-of-service (DDoS)?
24) What is Back Door?
25) Define Dictionary attack
26) What are the various forms of attacks?
27) What are the attack replication vectors?
28) What is Denial-of-service (DoS)?
29) Define Spoofing
30) Define Man-in-the-Middle

16 Marks

1) Explain the four important functions, the information security performs in an organization
2) What are dual homed host firewalls? Explain
3) What are deliberate acts of Espionage or trespass? Give examples.
4) What are deliberate software attacks?
5) Explain in detail the different types of cryptanalytic attacks
6) Enumerate different types of attacks on computer based systems.
7) What are different US laws and International laws on computer based crimes?
8) Explain in detail the Legal, Ethical and Professional issues during the security investigation
9) What are threats? Explain the different categories of threat
10) What is the code of ethics to be adhered to by the information security personnel stipulated
by different professional organizations?
11) What is Intellectual property? How can it be protected?
12) Who are Hackers? Explain the levels of hackers
13) Explain the attack replication vectors
14) Discuss in detail the forces of Nature affecting information security

Unit 3
2 Marks

1. What is risk management?
2. What are the roles to be played by the communities of interest to manage the risks an
organization encounters?
3. What is the process of Risk Identification?
4. What are asset identification and valuation?
5. What is Asset Information for People?
6. What are Hardware, Software, and Network Asset Identification?
7. What are Asset Information for Procedures?
8. What are the Asset Information for Data?
9. How are information assets classified?
10. Define the process of Information asset valuation.
11. What are the Questions to assist in developing the criteria to be used for asset
valuation?
12. Define data classification and management.
13. What are security clearances?
14. Explain the process of threat identification?
15. How to identify and Prioritize Threats?
16. What are the different threats faced by an information system in an Organization?
17. What is Vulnerability Identification?
18. What is Risk assessment?
19. Mention the Risk Identification Estimate Factors

20. Give an example of Risk determination.
21. What is residual risk?
22. What is access control?
23. What are the different types of Access Controls?
24. What is the goal of documenting results of the risk assessment?
25. Mention the strategies to control the vulnerable risks.
26. What are the different risk control strategies?
27. Write short notes on Incident Response Plan
28. Define Disaster Recovery Plan
29. Define Business Continuity Plan
30. What are different categories of controls?

16 Marks

1. What is risk management? State the methods of identifying and assessing risk management
2. Discuss in detail the process of assessing and controlling risk management issues
3. What is risk management? Why is the identification of risks by listing assets and vulnerabilities
so important in the risk management process?
4. Explain in detail different risk control strategies
5. Explain asset identification and valuation
6. Explain in detail the three types of Security policies (EISP,ISSP and sysSP).
7. What is Information Security Blueprint? Explain its salient features.
8. Explain the roles to be played by the communities of interest to manage the risks an
organization encounters
9. Explain the process of Risk assessment
10. Explain briefly the plans adopted for mitigation of risks
11. Explain how the risk controls are effectively maintained in an organization

12. Write short notes on a) Incident Response Plan b) Disaster Recovery Plan c) Business
continuity plan
13. Explain in detail the process of asset identification for different categories
14. Explain the process of Information asset valuation
15. Discuss briefly data classification and management
16. Explain the process of threat identification
17. Explain the process of vulnerability identification and assessment for different threats faced by an
information security system

Unit 4
2 Marks

1. What is a policy?
2. What are the three types of security policies?
3. What is Security Program Policy?
4. Define Issue-Specific Security Policy (ISSP)
5. What are ACL Policies?
6. What is Information Security Blueprint?
7. Define ISO 17799/BS 7799 Standards and their drawbacks
8. Mention the Drawbacks of ISO 17799/BS 7799
9. What are the objectives of ISO 17799?
10. What is the alternate Security Models available other than ISO 17799/BS 7799?
11. List the management controls of NIST SP 800-26
12. Mention the Operational Controls of NIST SP 800-26
13. What are the Technical Controls of NIST 800-26?
14. What is Sphere of protection?
15. What is Defense in Depth?

16. What is Security perimeter?
17. What are the key technological components used for security implementation?
18. What is Systems-Specific Policy (SysSP)?
19. What is the importance of blueprint?
20. What are the approaches of ISSP?

16 Marks

1. What are ISO 17799 and BS 7799? Explain their different sections and salient features.
2. Explain salient features of NIST security models.
3. Explain with diagrams the design of security architecture.
4. Explain how information security policy is implemented as procedure
5. What are the three types of security policies? Explain
6. Compare and contrast ISO 17799 / BS 7799 with the NIST security model
7. Explain the NIST security model
8. List the styles of security architecture models. Discuss them in detail
9. Explain NIST SP 800-14
10. Explain Sphere of protection with a neat sketch
11. Explain the key technological components used for security implementation
12. Write short notes on
i. Defense in depth ii. Security perimeter
13. Write short notes on
i. Incident Response plan(IRP)
ii. Disaster Recovery Plan
iii. Business Continuity Plan
14. What is Business Impact Analysis? Explain different stages of BIA in detail.
15. Explain Key technology component

Unit 5

2 Marks


1. What are firewalls?
2. Explain different generations of firewalls.
3. Mention the functions of first generation firewall
4. What are the restrictions of first generation firewall?
5. What is the advantage of Second Generation firewalls?
6. Define stateful inspection firewall
7. What is the disadvantage of third generation firewalls?
8. What is the function of Fifth Generation firewall?
9. How are firewalls categorized by processing mode?
10. What is the drawback of a packet-filtering router?
11. What are Screened-Host Firewall Systems?
12. What is the use of an Application proxy?
13. What are dual homed host firewalls?
14. What is the use of NAT?
15. What are Screened-Subnet Firewalls?
16. What are the factors to be considered while selecting a right firewall?
17. What are SOCKS servers?
18. What are the recommended practices in designing firewalls?
19. What are intrusion detection systems(IDS)?
20. What are different types of IDSs?
21. Define NIDS
22. What is HIDS?

23. What is the use of HIDS?
24. What is Application-based IDS?
25. What is Signature-based IDS?
26. What is LFM?
27. What are Honey Pots?
28. What are Honey Nets?
29. What are Padded Cell Systems?
30. What are the advantages and disadvantages of using the honey pot or padded cell
approach?
31. What are footprinting and fingerprinting?
32. What are Vulnerability Scanners?
33. Define Packet Sniffers
34. What is Cryptography?
35. What is Cryptanalysis?
36. Define Encryption
37. Define Decryption
38. What is Public Key Infrastructure (PKI)?
39. What are the PKI Benefits?
40. How are E-mail systems secured?
41. What are the seven major sources of physical loss?
42. What is a Secure Facility?
43. What are the controls used in a Secure Facility?
44. What are the functions of the Chief Information Security Officer?

16 Marks

1. Explain in detail
i. Firewalls categorized by processing mode
ii. Different generations of firewall
2. Explain in detail different firewall architectures (OR) Write short notes on
i. Packet filtering routers
ii. Screened host firewall
iii. Screened subnet firewalls (with DMZ)
3. What are the factors to be considered in selecting a right firewall?
4. Explain how firewalls are configured and managed?
5. Outline some of the best practices for firewall use.
6. What are firewall rules? Explain different firewall rule sets.
7. What is an Intrusion Detection System (IDS)? Explain different reasons for using an IDS and the
different terminology associated with IDS.
8. What are different types of Intrusion Detection Systems available? Explain with diagrams
9. Write short notes on
i. Network-based IDS
ii. Host-based IDS
iii. Application-based IDS
iv. Signature-based IDS
10. What are Honey pots,Honey Nets and Padded cell systems? Explain each.
11. What is an attack protocol? Explain a) Footprinting and b) Fingerprinting.
12. What are the purposes of Scanning and Analysis tools? Who will be using these tools?
Explain the functioning of few of these tools.
13. What is cryptography? Define various encryption terms used.
14. What is the RSA algorithm? Explain its different steps.
15. What are different possible attacks on crypto systems?

16. List and describe four categories of locks.
17. Explain with a diagram different positions in Information security.
18. What are the functions of a) CISO, b) Information Security Manager, and c) Security Technician?
19. How are the credentials of Information Security personnel assessed?
20. What are the certifications that Information Security personnel should acquire for fitting into
their roles?

UNITWISE IMPORTANT QUESTIONS


UNIT I

1. Explain in detail about software development life cycle process
2. What is SDLC? Illustrate the security of SDLC
3. Explain in detail about components of information system.
4. Discuss in detail NSTISSC security model
UNIT II
1. Discuss in detail the Legal, Ethical and Professional issues during security
investigation
2. Explain in detail the different types of cryptanalytic attacks.
3. Explain in detail about different type of threats
4. Explain in detail about legal issues during security investigation?
UNIT III
1. Explain in detail about Risk Control strategy
2. What is risk Management? State the methods of identifying and assessing risk
management
3. Explain in detail about Risk Control Cycle
4. Explain in detail about Risk handling decision points
5. Explain in detail Cost Benefit Analysis and Exposure Factor
UNIT IV
1. List the styles of security architecture models. Discuss them in detail
2. Briefly explain the NIST SECURITY MODEL
3. Explain in detail about designing of security architecture

4. Explain in detail about planning for continuity.
UNIT V
1. Explain in detail about IDS and its types.
2. Write short notes on scanning and analysis tools used during design
3. Write notes on the control devices used in security design
4. What is cryptography? Discuss the authentication models used in cryptography.
5. What is an intrusion detection system? Explain its types in detail.