
ASSIGNMENT-2 (Information Security)

FILE SUBMITTED TO
GIAN JYOTI INSTITUTE OF MANAGEMENT & TECHNOLOGY
PHASE-2, MOHALI
AFFILIATED TO
PUNJAB TECHNICAL UNIVERSITY, JALANDHAR

FOR THE PARTIAL FULFILLMENT FOR QUALIFYING BCA DEGREE

SUBMITTED TO: Prof. Siddhartha Shyam Vyas, Ph.D
SUBMITTED BY: Narender Singh (2011237)

Q1. Explain multilevel database, and the proposals for multi-level security.
Multilevel databases are databases that have different levels of security clearance for different users. In a
multilevel database, each user is assigned a security clearance level, and they can only access data that is at
or below their level of clearance.
There are several proposals for multi-level security, including:
1. Discretionary Access Control (DAC): This model allows users to define the access levels for their data.
This means that users have control over who can access their data.
2. Mandatory Access Control (MAC): This model assigns labels to data and users. Users can only access data
that has a label that matches their own label or a label that is lower than their own.
3. Role-Based Access Control (RBAC): This model assigns roles to users, and access to data is based on the
user's role. For example, an administrator role would have access to more data than a standard user role.
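
The "at or below their level of clearance" rule from the multilevel database description can be shown with row-level labels, as an added example that is not part of the original assignment. The level names, the `staff` table and the sample rows are constructed for illustration.

```python
import sqlite3

# Ordered sensitivity levels (assumed for this example; the page names none).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

# Constructed sample rows: (name, assignment, row label).
SAMPLE_ROWS = [
    ("Asha", "Payroll audit", "UNCLASSIFIED"),
    ("Bilal", "Vendor contracts", "CONFIDENTIAL"),
    ("Chen", "Incident 7 forensics", "SECRET"),
    ("Dara", "Key ceremony", "TOP_SECRET"),
]


def build_db():
    """Create an in-memory multilevel relation: every row carries its own label."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE staff (name TEXT, assignment TEXT, label INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO staff VALUES (?, ?, ?)",
        [(n, a, LEVELS[lbl]) for n, a, lbl in SAMPLE_ROWS],
    )
    return conn


def read_as(conn, clearance):
    """Return only the rows labelled at or below the caller's clearance."""
    if clearance not in LEVELS:
        # Fail closed: an unknown clearance is rejected instead of seeing data.
        raise PermissionError(f"unknown clearance: {clearance!r}")
    cur = conn.execute(
        "SELECT name, assignment FROM staff WHERE label <= ? ORDER BY label",
        (LEVELS[clearance],),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = build_db()
    for level in LEVELS:
        print(level, [name for name, _ in read_as(db, level)])
```

The same query returns a different view of the table for each clearance, which is what distinguishes a multilevel relation from a table protected by a single all-or-nothing permission.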

Q2. Explain the following:


• Threats in network
• Network Security Controls

Threats in network security refer to potential attacks on a network that can compromise the confidentiality,
integrity, and availability of data. Some common threats in network security include viruses, worms,
Trojans, spyware, adware, denial-of-service attacks, and phishing attacks.
Network security controls are measures put in place to protect a network from these threats. Some
common network security controls include firewalls, intrusion detection systems, antivirus software,
content filtering, and encryption.

Q3. Explain the following:


• Security Planning
• Risk Analysis

Security planning or risk analysis is the process of identifying potential security risks to an organization's
information systems and determining the appropriate controls to mitigate those risks. The goal of security
planning is to ensure that an organization's systems are secure and that the organization can continue to
operate in the event of a security breach.
The risk analysis process typically involves identifying potential threats, assessing the likelihood of those
threats occurring, and identifying the potential impact of those threats. Based on this analysis, security
controls can be implemented to reduce the risk of a security breach.

Q4. Explain the following:

• Organizational Security Policies
• Physical Security

Organizational security policies refer to the rules and procedures that an organization puts in place to protect its
assets. These policies cover a wide range of security issues, including access control, data protection,
incident response, and security awareness training.
Physical security refers to the measures that an organization takes to protect its physical assets, such as
buildings, equipment, and data centers. This can include measures such as surveillance cameras, access
control systems, and security guards.

Q5. Explain the Legal, Privacy, and Ethical issues in Computer Security – with reference to protecting
programs and data, information and the law, Rights of Employees and Employers, Software Failures,
and Computer Crimes.

Legal, privacy, and ethical issues in computer security are complex and multifaceted. Protecting programs and
data involves issues of intellectual property and copyright law. Information and the law include issues of
data protection and privacy laws. Rights of employees and employers include issues such as monitoring
employee computer use and ensuring that employees are not using company resources for illegal or
unethical activities.
Software failures can result in serious consequences, and organizations can be held liable for any damages
resulting from these failures. Computer crimes, such as hacking and identity theft, are also major concerns
for organizations, and can result in significant financial and reputational damage.
In order to address these issues, organizations need to implement effective security controls and policies, as
well as provide regular training and awareness programs for employees. Additionally, organizations need
to stay up-to-date with changes in relevant laws and regulations to ensure that they are in compliance.