
November/December 2013

1. List the different phases that are present in the SSDLC.
2. What is meant by Replay Attack?
3. What are the three general categories of unethical and illegal behavior?
4. Differentiate between a threat and an attack.
5. What is the difference between intrinsic value and acquired value?
6. Give any three risk controlling strategies in risk management.
7. What are the inherent problems with ISO 17799 and why hasn't the U.S. adopted it?
8. State the objectives of Visa International Security model.
9. How does false reject rate differ from false accept rate?
10. Differentiate between the anomaly and statistical based detection.
11. (a) (i) Describe the critical characteristics of information. How are they used in the study of computer security? (8)
    (ii) Briefly explain the components of an information system and their security. How will you balance security and access? (8)
    (b) (i) Explain in detail about the security system development life cycle. (8)
    (ii) What is Information security? Explain the NSTISSC security model and the top down approach to security implementation. (8)
12. (a) (i) Explain the ethical concepts in information security and the deterrence to illegal and unethical behavior. (8)
    (ii) Define an attack. Describe attack replication vectors and major types of attacks. (8)
    (b) (i) Write detailed notes on codes of ethics, certifications and professional organizations. (8)
    (ii) What is a threat? Explain in detail the various groups of threats facing an organization. (8)
13. (a) (i) Explain the various feasibility studies considered for a project of information security controls and safeguards. (8)
    (ii) What are the risk control strategies that guide an organization? Elaborate.
    (b) (i) Illustrate risk assessment with a suitable example. (8)
    (ii) Explain in detail about Cost Benefit Analysis and Exposure Factor. (8)
14. (a) (i) Explain in detail the NIST Security model. (8)
    (ii) What components are used in the design of security architecture? Explain. (8)
    (b) (i) Explain the major steps involved in contingency planning. (8)
15. (a) (i) Write short notes on various access controls used for providing physical security. (8) (8)
    (ii) Describe the various methods of power management and conditioning. (8)
    (b) (i) Explain the key difference between symmetric and asymmetric encryption with suitable examples. (8)
    (ii) Discuss in detail about the various types of Intrusion detection Systems. (8)

May/June 2013

1. Differentiate between Information and Communication Security.
2. Give the critical characteristics of Information.
3. What is the need for providing security?
4. What are the threats to Information Security?
5. What is meant by risk management?
6. How will you assess the level of risk?
7. What is BS7799?
8. Give the model of VISA?
9. What is personnel security?
10. What is IDS?
11. (a) (i) Explain in detail NSTISSC security model. (8)
    (ii) Discuss briefly the various components of Information system. (8)
    (b) (i) Write a note on the history of Information security (8)
    (ii) Explain in detail SDLC. (8)
12. (a) (i) Explain the various categories of illegal and unethical behavior with suitable examples. (8)
    (ii) Write a note on various types of security threats. (8)
    (b) Explain the various types of security attacks prevention mechanisms. (16)
13. (a) Write a detailed note on risk identification and assessment. (16)
    (b) Discuss briefly about controlling the risk. (16)
14. (a) (i) Explain the blueprint for security. (8)
    (ii) Write a note on Information Security Policy. (8)
    (b) Write a detailed note on the design of security architecture. (16)
15. (a) (i) What are Trusted Systems? Explain in detail. (10)
    (ii) Discuss briefly Intrusion detection mechanisms. (6)
    (b) Write a detailed note on cryptography. (16)

November/December 2012

1. List any four layers of security that an organization employs to protect its operations.
2. What is meant by Masquerading?
3. What are the three general categories of unethical and illegal behavior?
4. Which law amended the Computer Fraud and Abuse Act of 1986, and when did it change?
5. What is the difference between intrinsic value and acquired value?
6. Which community of interest usually takes the lead in Information security risk management?
7. What are the inherent problems with ISO 17799 and why hasn't the U.S. adopted it?
8. What is the need for clean desk policy?
9. How does false reject rate differ from false accept rate?
10. What are the merits of the Dynamic Packet Filtering Firewalls?
11. (a) (i) Describe the critical characteristics of Information. How are they used in the study of computer security? (8)
    (ii) Briefly explain the components of an information system and their security. How will you balance security and access? (8)
    (b) (i) Explain in detail about the security system development life cycle. (8)
    (ii) Explain the NSTISSC security model and the top-down approach to security implementation. (8)
12. (a) (i) Explain the ethical concepts in Information security and the deterrence to illegal and unethical behavior. (8)
    (ii) Define an attack. Describe attack replication vectors and major types of attacks. (8)
    (b) (i) Write detailed notes on codes of ethics, Certifications and Professional organization. (8)
    (ii) Explain in detail the various groups of threats facing an organization. (8)
13. (a) (i) Explain the various feasibility studies considered for a project of information security controls and safeguards. (8)
    (ii) What are the risk control strategies that guide an organization? Elaborate. (8)
14. (a) (i) Explain in detail the NIST security model. (8)
    (ii) What are the components used in design of security architecture? Explain.
    (b) (i) Explain the major steps involved in contingency planning. (8)
    (ii) State the four phases of an incident response? Describe them. (8)
15. (a) (i) Write short notes on various access controls used for providing physical security. (8)
    (ii) Describe the various methods of power management and conditioning. (8)
    (b) (i) Explain the key difference between symmetric and asymmetric encryption with suitable examples. (8)
    (ii) Discuss in detail about the various types of Intrusion detection Systems. (8)

May/June 2009

1. List the characteristics of information.
2. Name the components used to build a secure system.
3. Among the known plaintext and chosen cipher text attacks, which is more powerful?
4. State the business needs of information security.
5. List the steps to identify risk.
6. Name the procedures to control risk.
7. What is meant by Blueprint in security?
8. Name any four processes of BS7799?
9. What kind of cryptanalysis becomes easier when the number of rounds in DES is less?
10. What is meant by physical security?
11. (a) (i) Explain the NSTISSC security model with a neat diagram. (10)
    (ii) State the functions of the components used to build a secure system. (6)
    (b) (i) Illustrate the security SDLC with a neat sketch. (10)
    (ii) Too much of security for a system leads to access problems. Justify the statement. (6)
12. (a) (i) What are the major types of attacks in a network? How do you prevent the attacks? (8)
    (ii) What are the major components of threat? Explain briefly with individual components? (8)
    (b) Discuss in detail the legal, ethical and professional issues in information security? (16)
13. (a) Define vulnerability. Illustrate the procedure of identifying the risk in an organization? (16)
    (b) Discuss in detail the assessing and controlling procedures in risk management with suitable example. (16)
14. (a) Explain the standards and practices of ISO 17799. (16)
    (b) (i) With a neat sketch discuss the VISA international security model. (8)
    (ii) Discuss in detail the NIST model. (8)
15. (a) What is cryptography? What are the key functions used in AES, DES types of algorithm. Discuss in detail. (16)
    (b) (i) Name some intrusion techniques. Explain its prevention and detection mechanisms. (10)
    (ii) Write short notes on access control devices. (6)

November/December 2009

1. Define the term Information Security.
2. List the components of an information system in the context of security.
3. What do you mean by attack in the context of security?
4. What is the need for data security?
5. What are the issues analyzed during development stages of application software?
6. List the methods for controlling risk.
7. State the role of ISO 17799.
8. List the components of NIST models.
9. Define the term IDS.
10. State the types of cryptography.
11. (a) (i) Discuss the evolution of information security models and standards. (8)
    (ii) Explain the methods for securing the components. (8)
    (b) Explain the needs and methods of balancing security and access to computer data. (16)
12. (a) Define and discuss the term Threat in the context of security. (16)
    (b) Discuss in detail the ethical issues addressed in the context of Information security. (16)
13. (a) Explain the methods for identifying and assessing risk. (16)
    (b) (i) Describe the policies for RISK MANAGEMENT. (8)
    (ii) Develop a case study for analyzing the risk for the following situation: University needs to collect
