You are on page 1of 2

CS1014 INFORMATION SECURITY 3 0 0 100

AIM
To study the critical need for ensuring Information Security in Organizations

OBJECTIVES
1. To understand the basics of Information Security
2. To know the legal, ethical and professional issues in Information Security
3. To know the aspects of risk management
4. To become aware of various standards in this area
5. To know the technological aspects of Information Security

UNIT 1 INTRODUCTION 9

History, What is Information Security?, Critical Characteristics of Information, NSTISSC Security Model,
Components of an Information System, Securing the Components, Balancing Security and Access, The
SDLC, The Security SDLC

UNIT II SECURITY INVESTIGATION 9


Need for Security, Business Needs, Threats, Attacks, Legal, Ethical and Professional Issues

UNIT III SECURITY ANALYSIS 9


Risk Management: Identifying and Assessing Risk, Assessing and Controlling Risk

UNIT IV LOGICAL DESIGN 9


Blueprint for Security, Information Security Poicy, Standards and Practices, ISO 17799/BS 7799, NIST
Models, VISA International Security Model, Design of Security Architecture, Planning for Continuity

UNIT V PHYSICAL DESIGN 9


Security Technology, IDS, Scanning and Analysis Tools, Cryptography, Access Control Devices, Physical
Security, Security and Personnel

TOTAL : 45
TEXT BOOK
1. Michael E Whitman and Herbert J Mattord, “Principles of Information Security”, Vikas Publishing House,
New Delhi, 2003

REFERENCES
1. Micki Krause, Harold F. Tipton, “ Handbook of Information Security Management”, Vol 1-3 CRC Press
LLC, 2004.
2. Stuart Mc Clure, Joel Scrambray, George Kurtz, “Hacking Exposed”, Tata McGraw-Hill, 2003
3. Matt Bishop, “ Computer Security Art and Science”, Pearson/PHI, 2002.
------------------------------------------------------------------------------------------------
KCG College of Technology,Chennai-96
Computer Science and Engineering
Elective II CS 1014 INFORMATION SECURITY VII Sem CSE
QUESTION BANK - PART-B
1) Explain in detail the critical characteristics of information
2) Explain the components of an Information System.
3) Explain in detail the various phases of System Development Life Cycle(SDLC)?
4) Explain in detail the Security System Development Life Cycle(SecSDLC)
5) Explain with examples various threats to Information Security.
6) What are dual homed host firewalls?
7) What are deliberate acts of Espionage or tresspass. Give examples.
8) What deliberate software attacks?
9) Enumerate different types of attacks on computer based systems.
10) What are different US laws and International laws on computer based crimes?
11) What are the code of ethics to be adhered to by the information security personnel stipulated
by different professional organizations?
12) What is risk management? Why is the identification of risks by listing assets and
vulnerabilities is so important in the risk management process?
13) Explain in detail different risk control strategies?
14) Explain in detail the three types of Security policies(EISP,ISSP and sysSP).
15) What is Information Security Blue print? Explain its salient features.
16) What are ISO 7799 and BS7799? Explain their different sections and salient features.
17) Explain salient features of NIST security models.
18) Explain with diagrams the design of security architecture.
OR
19) Write short notes on
a) Defense in depth
b) Security perimeter
c) Key technology components
20) Write short notes on
a) Incident Response plan(IRP)
b) Disaster Recovery Plan
c) Business Continuity Plan
21) What is Business Impact Analysis? Explain different stages of BIA in detail.
22) Explain in detail
a) Firewalls categorized by processing mode
b) Different generations of firewall
23) Explain in detail different firewall architectures (OR) Write short notes on
a) Packet filtering Routers
b) Screened Host fire wall
c) Screened subnet firewalls (with DMZ)
24) a) What are the factors to be considered in selecting a right firewall?
b) How firewalls are configured and managed?
c) Outline some of the best practices for firewall use.
25) What are fire wall rules? Explain different fire wall rule sets.
26) What is Iintrusion Detection System(IDS)? Explain different reasons for using IDS and
different terminologies associated with IDS.
27) What are different types of Intrusion Detection Systems available? Explain with diagrams
(OR)
Write short notes on
a) Network-based IDS
b) Host-based IDS
c) Application-based IDS
d) Signature-based IDS

28) What are Honey pots,Honey Nets and Padded cell systems? Explain each.
29) What is Attacking Protocol? Explain a) Foot printing and b) Finger printing.
30) What are the purposes of Scanning and Analysis tools? Who will be using these tools?
Explain the functioning of few of these tools.
31) What is cryptography? Define various encryption terms used.
32) What are cryptographic algorithms?
33) What is RSA algorithm? Explain different steps>
34) What are different possible attacks on crypto systems?
35) List and describe four categories of locks?
36) Explain with a diagram different positions in Information security. What are the functions of
a)CISO,b) Information Security Manager, and c)Security Technician
37) How the credentials of Information Security Personnels are assessed? What are the
certifications the Information Security Personnels should aquire for fitting into their roles?