part-b-questions-cs1014-info-security


Upload: nvivekananthamoorthy

Post on 14-Nov-2014


DESCRIPTION

This is a question bank for the "Information Security" course, which is one of the elective subjects in the Anna University syllabus for B.E. and B.Tech courses under Regulations 2004. The textbook referred to is "Principles of Information Security" by Dr. Michael E. Whitman.


CS1014 INFORMATION SECURITY 3 0 0 100

AIM

To study the critical need for ensuring Information Security in Organizations

OBJECTIVES

1. To understand the basics of Information Security
2. To know the legal, ethical and professional issues in Information Security
3. To know the aspects of risk management
4. To become aware of various standards in this area
5. To know the technological aspects of Information Security

UNIT 1 INTRODUCTION 9

History, What is Information Security?, Critical Characteristics of Information, NSTISSC Security Model, Components of an Information System, Securing the Components, Balancing Security and Access, The SDLC, The Security SDLC

UNIT II SECURITY INVESTIGATION 9

Need for Security, Business Needs, Threats, Attacks, Legal, Ethical and Professional Issues

UNIT III SECURITY ANALYSIS 9

Risk Management: Identifying and Assessing Risk, Assessing and Controlling Risk

UNIT IV LOGICAL DESIGN 9

Blueprint for Security, Information Security Policy, Standards and Practices, ISO 17799/BS 7799, NIST Models, VISA International Security Model, Design of Security Architecture, Planning for Continuity

UNIT V PHYSICAL DESIGN 9

Security Technology, IDS, Scanning and Analysis Tools, Cryptography, Access Control Devices, Physical Security, Security and Personnel

TOTAL : 45

TEXT BOOK

1. Michael E Whitman and Herbert J Mattord, “Principles of Information Security”, Vikas Publishing House, New Delhi, 2003

REFERENCES

1. Micki Krause, Harold F. Tipton, “Handbook of Information Security Management”, Vol 1-3, CRC Press LLC, 2004.

2. Stuart McClure, Joel Scambray, George Kurtz, “Hacking Exposed”, Tata McGraw-Hill, 2003.

3. Matt Bishop, “Computer Security Art and Science”, Pearson/PHI, 2002.

KCG College of Technology, Chennai-96

Computer Science and Engineering
Elective II CS 1014 INFORMATION SECURITY VII Sem CSE

QUESTION BANK - PART-B

1) Explain in detail the critical characteristics of information.
2) Explain the components of an information system.
3) Explain in detail the various phases of the System Development Life Cycle (SDLC).
4) Explain in detail the Security System Development Life Cycle (SecSDLC).
5) Explain with examples the various threats to information security.
6) What are dual-homed host firewalls?
7) What are deliberate acts of espionage or trespass? Give examples.
8) What are deliberate software attacks?
9) Enumerate the different types of attacks on computer-based systems.
10) What are the different US laws and international laws on computer-based crimes?


11) What are the codes of ethics to be adhered to by information security personnel, as stipulated by different professional organizations?

12) What is risk management? Why is the identification of risks by listing assets and vulnerabilities so important in the risk management process?

13) Explain in detail the different risk control strategies.
14) Explain in detail the three types of security policies (EISP, ISSP and SysSP).
15) What is an information security blueprint? Explain its salient features.
16) What are ISO 17799 and BS 7799? Explain their different sections and salient features.
17) Explain the salient features of the NIST security models.
18) Explain with diagrams the design of a security architecture.
(OR)
19) Write short notes on

a) Defense in depth
b) Security perimeter
c) Key technology components

20) Write short notes on
a) Incident Response Plan (IRP)
b) Disaster Recovery Plan
c) Business Continuity Plan

21) What is Business Impact Analysis? Explain the different stages of BIA in detail.
22) Explain in detail

a) Firewalls categorized by processing mode
b) Different generations of firewall

23) Explain in detail the different firewall architectures
(OR)
Write short notes on
a) Packet filtering routers
b) Screened host firewall
c) Screened subnet firewalls (with DMZ)

24) a) What are the factors to be considered in selecting the right firewall?
b) How are firewalls configured and managed?
c) Outline some of the best practices for firewall use.

25) What are firewall rules? Explain the different firewall rule sets.
26) What is an Intrusion Detection System (IDS)? Explain the different reasons for using an IDS and the different terminologies associated with IDS.
27) What are the different types of Intrusion Detection Systems available? Explain with diagrams
(OR)
Write short notes on
a) Network-based IDS
b) Host-based IDS
c) Application-based IDS
d) Signature-based IDS

28) What are honeypots, honeynets and padded cell systems? Explain each.
29) What is an attack protocol? Explain a) footprinting and b) fingerprinting.
30) What are the purposes of scanning and analysis tools? Who will be using these tools? Explain the functioning of a few of these tools.
31) What is cryptography? Define the various encryption terms used.
32) What are cryptographic algorithms?
33) What is the RSA algorithm? Explain its different steps.
34) What are the different possible attacks on cryptosystems?
35) List and describe the four categories of locks.
36) Explain with a diagram the different positions in information security. What are the functions of a) CISO, b) Information Security Manager, and c) Security Technician?
37) How are the credentials of information security personnel assessed? What are the certifications that information security personnel should acquire to fit into their roles?