
CS1014

INFORMATION SECURITY
3 0 0 100
AIM
To study the critical need for ensuring Information Security in Organizations
OBJECTIVES

1. To understand the basics of Information Security


2. To know the legal, ethical and professional issues in Information Security
3. To know the aspects of risk management
4. To become aware of various standards in this area
5. To know the technological aspects of Information Security
UNIT I INTRODUCTION
9

History, What is Information Security?, Critical Characteristics of Information, NSTISSC Security Model,
Components of an Information System, Securing the Components, Balancing Security and Access, The
SDLC, The Security SDLC
UNIT II SECURITY INVESTIGATION
9
Need for Security, Business Needs, Threats, Attacks, Legal, Ethical and Professional Issues
UNIT III SECURITY ANALYSIS
9
Risk Management: Identifying and Assessing Risk, Assessing and Controlling Risk
UNIT IV LOGICAL DESIGN
9
Blueprint for Security, Information Security Policy, Standards and Practices, ISO 17799/BS 7799, NIST
Models, VISA International Security Model, Design of Security Architecture, Planning for Continuity
UNIT V PHYSICAL DESIGN
9
Security Technology, IDS, Scanning and Analysis Tools, Cryptography, Access Control Devices, Physical
Security, Security and Personnel

QUESTION BANK
PART B
1) Explain in detail the critical characteristics of information
2) Explain the components of an Information System.
3) Explain in detail the various phases of System Development Life Cycle(SDLC)?
4) Explain in detail the Security System Development Life Cycle(SecSDLC)
5) Explain with examples the various threats to Information Security.
6) What are dual-homed host firewalls?
7) What are deliberate acts of espionage or trespass? Give examples.
8) What are deliberate software attacks?
9) Enumerate the different types of attacks on computer-based systems.
10) What are the different US laws and international laws on computer-based crimes?
11) What are the codes of ethics that information security personnel must adhere to, as stipulated by different professional organizations?
12) What is risk management? Why is the identification of risks by listing assets and vulnerabilities so important in the risk management process?
13) Explain in detail different risk control strategies?
14) Explain in detail the three types of security policies (EISP, ISSP and SysSP).
15) What is an Information Security Blueprint? Explain its salient features.
16) What are ISO 17799 and BS 7799? Explain their different sections and salient features.
17) Explain salient features of NIST security models.
18) Explain with diagrams the design of security architecture.
OR
19) Write short notes on
a) Defense in depth
b) Security perimeter
c) Key technology components
20) Write short notes on
a) Incident Response plan(IRP)
b) Disaster Recovery Plan
c) Business Continuity Plan
21) What is Business Impact Analysis? Explain different stages of BIA in detail.
22) Explain in detail
a) Firewalls categorized by processing mode
b) Different generations of firewall
23) Explain in detail the different firewall architectures (OR) Write short notes on
a) Packet filtering routers
b) Screened host firewalls
c) Screened subnet firewalls (with DMZ)
24) a) What are the factors to be considered in selecting a right firewall?
b) How firewalls are configured and managed?
c) Outline some of the best practices for firewall use.
25) What are firewall rules? Explain the different firewall rule sets.
26) What is an Intrusion Detection System (IDS)? Explain the different reasons for using an IDS and the terminology associated with IDSs.
27) What are different types of Intrusion Detection Systems available? Explain with diagrams
(OR)
Write short notes on
a) Network-based IDS
b) Host-based IDS
c) Application-based IDS
d) Signature-based IDS
28) What are honeypots, honeynets and padded cell systems? Explain each.
29) What is an attack protocol? Explain a) footprinting and b) fingerprinting.
30) What are the purposes of Scanning and Analysis tools? Who will be using these tools?
Explain the functioning of few of these tools.
31) What is cryptography? Define various encryption terms used.
32) What are cryptographic algorithms?
33) What is the RSA algorithm? Explain its different steps.
34) What are different possible attacks on crypto systems?
35) List and describe four categories of locks?
36) Explain with a diagram the different positions in information security. What are the functions of a) the CISO, b) the Information Security Manager, and c) the Security Technician?
37) How are the credentials of information security personnel assessed? What certifications should information security personnel acquire to fit their roles?
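Question 33 asks for the steps of RSA and question 34 for attacks on cryptosystems. The following is an added worked example, not part of the original question bank or of any textbook's code, that carries key generation, encryption and decryption through with the small textbook primes p = 61, q = 53 and public exponent e = 17 (so every intermediate value can be checked by hand), and then shows the multiplicative malleability of unpadded ("textbook") RSA, which is one reason real deployments use padding such as OAEP. All function names are the example's own.

```python
"""Textbook RSA worked step by step (added example, not from the course material).

Steps: choose primes p, q; n = p*q; phi = (p-1)(q-1); choose e coprime to phi;
d = e^-1 mod phi; encrypt c = m^e mod n; decrypt m = c^d mod n.
Toy-sized numbers are used for readability; real keys use n of 2048 bits or
more and a padding scheme, never raw m^e mod n.
"""
from math import gcd, isqrt


def is_prime(x: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if x < 2:
        return False
    return all(x % k for k in range(2, isqrt(x) + 1))


def mod_inverse(a: int, m: int) -> int:
    """Extended Euclid: the x in [0, m) with (a * x) % m == 1."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return old_s % m


def generate_keypair(p: int, q: int, e: int):
    """Steps 1-4 of RSA. Returns ((e, n), (d, n))."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                      # step 2: the modulus
    phi = (p - 1) * (q - 1)        # step 3: Euler's totient of n
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, phi) and be coprime to phi")
    d = mod_inverse(e, phi)        # step 4: private exponent, e*d = 1 mod phi
    return (e, n), (d, n)


def encrypt(m: int, public_key) -> int:
    """Step 5: c = m^e mod n. The message is an integer below n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    """Step 6: m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def forge_product_ciphertext(c1: int, c2: int, public_key) -> int:
    """Malleability of textbook RSA: knowing only the public key, an attacker
    turns ciphertexts of m1 and m2 into a valid ciphertext of m1*m2 mod n
    without decrypting either. Padding (e.g. OAEP) is what prevents this."""
    _, n = public_key
    return (c1 * c2) % n


if __name__ == "__main__":
    # Constructed toy key: n = 3233, phi = 3120, d = 2753.
    pub, priv = generate_keypair(61, 53, 17)
    c = encrypt(65, pub)                       # 65^17 mod 3233 = 2790
    print("public", pub, "private", priv)
    print("ciphertext", c, "decrypts to", decrypt(c, priv))
    forged = forge_product_ciphertext(encrypt(2, pub), c, pub)
    print("attacker-forged ciphertext decrypts to", decrypt(forged, priv))  # 130 = 2 * 65
```

The forged ciphertext in the last two lines is the point worth remembering for question 34: the attacker never learns d, yet produces a ciphertext the key holder will decrypt to a message of the attacker's choosing (here, double the original).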

B.E./B.Tech. DEGREE EXAMINATION, NOVEMBER/DECEMBER 2007


Seventh Semester
Computer Science and Engineering
CS1014-INFORMATION SECURITY
(Regulation 2004)
Time: Three hours Maximum: 100 marks

Answer ALL questions


PART A - (10 × 2 = 20 marks)
1. State the critical characteristics of information.
2. List the components used in security models.
3. Name the countermeasures against threats.
4. Differentiate between threats and attacks.
5. Mention the benefits of risk management.
6. State the roles involved in risk management.
7. Name the people affected by a security policy.
8. State the pros of the VISA International security model.
9. List any two IDSs and mention their category of classification.
10. What are the basic functions of access control devices?

PART B - (5 × 16 = 80 marks)


11. (a) Discuss in detail the NSTISSC security model.
(Or)
(b) What is the SDLC? Illustrate the Security SDLC.
12. (a) Explain in detail the different types of cryptanalytic attacks.
(Or)
(b) Discuss in detail the legal, ethical and professional issues during security investigation.
13. (a) What is risk management? State the methods of identifying and assessing risk.
(Or)
(b) Discuss in detail the process of assessing and controlling risk.
14. (a) (i) Compare and contrast ISO 17799/BS 7799 with the NIST security models.
(ii) Briefly explain the NIST security model.
(Or)
(b) List the styles of security architecture models. Discuss them in detail.
15. (a) (i) What is an intrusion detection system? Explain its types in detail.
(ii) Write short notes on the scanning and analysis tools used during design.
(Or)
(b) (i) What is cryptography? Discuss the authentication models used in cryptography.
(ii) Write notes on the access control devices used in security design.
