
Unit 1

1. How does an organization ensure that multiple layers of security are in place to protect its
operations?
2. What are the three components of the C.I.A. triangle? Explain its use and drawback. How
does the CNSS Security Model address the shortcomings of the CIA triangle?
3. Describe the critical characteristics of information. How are they used in the study of
computer security?
4. Identify the six components of an information system. Which are most directly affected by
the study of computer security? Which are most commonly associated with its study?
5. Identify the security considerations for each phase of the Systems Development Life
Cycle (SDLC).
6. Explain the phases of the Security Systems Development Life Cycle (SecSDLC). Analyze the steps
unique to the SecSDLC.
7. Demonstrate that organizations have a business need for information security.
8. Identify the threats posed to information security and the more common attacks (any 5 can
be asked) associated with those threats, and differentiate threats to the information within
systems from attacks against the information within systems.
9. Discuss each of the major types of attacks used against controlled systems.
10. Define management’s role in the development, maintenance, and enforcement of
information security policy, standards, practices, procedures, and guidelines.
11. What are the differences between a policy, a standard, and a practice? What are the three
types of security policies? Where would each be used? What type of policy would be needed
to guide use of (a) the Web, (b) E-mail, (c) Office equipment for personal use?
12. Explain the significance of Enterprise Information Security Policy (EISP) and explain in detail
the components of a good EISP.
13. Explain the significance of Issue-Specific Security Policy (ISSP) and the various approaches to
creating and managing ISSPs within an organization. Also explain the components of a good
ISSP.
14. Describe what an information security blueprint is, identify its major components with
reference to the ISO 27000 series, and explain how it supports the information security
program.

Unit 2

1. Define the three types of security goals and explain the attacks that threaten each of them.
2. Distinguish between cryptanalytic and non-cryptanalytic attacks.
3. Explain in detail the services related to security goals.
4. Discuss the security mechanisms that provide the different security services. What is the
relationship between services and mechanisms?
5. Distinguish between the following with an example:
a. Passive and Active attacks
b. Cryptography and Steganography
c. Repudiation and Replaying.
6. Calculate using the Euclidean Algorithm: GCD(831, 366), GCD(1760, 2740), GCD(270, 192).
7. Write the Extended Euclidean algorithm to find the multiplicative inverse of a number and
compute the multiplicative inverse of 23 in Z100, 7 in Z180, 11 in Z26.
8. What are Linear Diophantine equations? Write the steps to obtain a solution for the same.
Find the particular and general solutions to the equation 25x + 10y = 15.
9. Explain the following concepts with reference to modular arithmetic. Give examples
a. Modulo operator
b. Set of residues
c. Congruence
d. Additive and multiplicative inverses
10. Define linear congruence. What algorithm can be used to solve an equation of type ax ≡ b
(mod n)? How can we solve a set of linear equations?
11. Explain the working of symmetric key ciphers with the help of a block schematic diagram.
12. Explain the different types of cryptanalytic attacks.
13. Distinguish between stream and block ciphers.

**Numericals can be changed.
