KINGS COLLEGE OF ENGINEERING
B.E / IV / VIII
Academic Year: 2012-2013 (Even)
UNIT I FUNDAMENTALS
History, What is Information Security?, Critical Characteristics of Information, NSTISSC Security Model, Components of an Information System, Securing the Components, Balancing Security and Access, The SDLC, The Security SDLC

UNIT II SECURITY INVESTIGATION 9
Need for Security, Business Needs, Threats, Attacks, Legal, Ethical and Professional Issues

UNIT III SECURITY ANALYSIS 9
Risk Management: Identifying and Assessing Risk, Assessing and Controlling Risk

UNIT IV LOGICAL DESIGN 9
Blueprint for Security, Information Security Policy, Standards and Practices, ISO 17799/BS 7799, NIST Models, VISA International Security Model, Design of Security Architecture, Planning for Continuity

UNIT V PHYSICAL DESIGN 9
Security Technology, IDS, Scanning and Analysis Tools, Cryptography, Access Control Devices, Physical Security, Security and Personnel

TOTAL: 45 PERIODS

TEXT BOOK:
1. Michael E. Whitman and Herbert J. Mattord, Principles of Information Security, Vikas Publishing House, New Delhi, 2003.

REFERENCES:
1. Micki Krause, Harold F. Tipton, Handbook of Information Security Management, Vol. 1-3, CRC Press LLC, 2004.
2. Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed, Tata McGraw-Hill, 2003.
3. Matt Bishop, Computer Security: Art and Science, Pearson/PHI, 2002.
10. What is the code of ethics to be adhered to by information security personnel, as stipulated by different professional organizations?
11. What is intellectual property? How can it be protected?
12. Who are hackers? Explain their levels.
13. Explain the attack replication vectors.
14. Discuss in detail the forces of nature affecting information security.
Unit 3 - 2 Marks
1. What is risk management?
2. What are the roles to be played by the communities of interest to manage the risks an organization encounters?
3. What is the process of risk identification?
4. What are asset identification and valuation?
5. What is asset information for people?
6. What are hardware, software, and network asset identification?
7. What is asset information for procedures?
8. What is asset information for data?
9. How are information assets classified?
10. Define the process of information asset valuation.
11. What are the questions to assist in developing the criteria to be used for asset valuation?
12. Define data classification and management.
13. What are security clearances?
14. Explain the process of threat identification.
15. How are threats identified and prioritized?
16. What are the different threats faced by an information system in an organization?
17. What is vulnerability identification?
18. What is risk assessment?
19. Mention the risk identification estimate factors.
1. What are firewalls?
2. Explain the different generations of firewalls.
3. Mention the functions of a first-generation firewall.
4. What are the restrictions of a first-generation firewall?
5. What is the advantage of second-generation firewalls?
6. Define a stateful inspection firewall.
7. What is the disadvantage of third-generation firewalls?
8. What is the function of a fifth-generation firewall?
9. How are firewalls categorized by processing mode?
10. What is the drawback of a packet-filtering router?
11. What are screened-host firewall systems?
12. What is the use of an application proxy?
13. What are dual-homed host firewalls?
14. What is the use of NAT?
15. What are screened-subnet firewalls?
16. What are the factors to be considered while selecting the right firewall?
17. What are SOCKS servers?
18. What are the recommended practices in designing firewalls?
19. What are intrusion detection systems (IDS)?
20. What are the different types of IDSs?
21. Define NIDS.
22. What is HIDS?
IT2042 INFORMATION SECURITY

UNIT I
1. Explain in detail the software development life cycle process.
2. What is the SDLC? Illustrate the security SDLC.
3. Explain in detail the components of an information system.
4. Discuss in detail the NSTISSC security model.

UNIT II
1. Discuss in detail the legal, ethical and professional issues during security investigation.
2. Explain in detail the different types of cryptanalytic attacks.
3. Explain in detail the different types of threats.
4. Explain in detail the legal issues during security investigation.

UNIT III
1. Explain in detail the risk control strategies.
2. What is risk management? State the methods of identifying and assessing risk.
3. Explain in detail the risk control cycle.
4. Explain in detail the risk handling decision points.
5. Explain in detail cost benefit analysis and exposure factor.

UNIT IV
1. List the styles of security architecture models. Discuss them in detail.
2. Briefly explain the NIST security model.
3. Explain in detail the design of a security architecture.
4. Explain in detail planning for continuity.

UNIT V
1. Explain in detail IDS and its types.
2. Write short notes on scanning and analysis tools used during design.
3. Write notes on the control devices used in security design.
4. What is cryptography? Discuss the authentication models used in cryptography.
5. What is an intrusion detection system? Explain its types in detail.
******************************************************************************************************
B.E/B.Tech DEGREE EXAMINATION, NOVEMBER/DECEMBER 2008
Seventh Semester
Computer Science and Engineering
CS 1014 - INFORMATION SECURITY
(Regulation 2004)
Time: Three hours
Maximum: 100 Marks
****************************************************************************************************************************************
B.E./B.Tech. DEGREE EXAMINATION, NOVEMBER/DECEMBER 2011
Seventh Semester
IT 2042 INFORMATION SECURITY
(Regulation 2008)
Answer ALL questions

PART A (10 × 2 = 20 marks)
1. What is information security?
2. Why is a methodology important in implementing information security?
3. Why is information security a management problem?
4. Distinguish between DoS and DDoS.
5. What is risk management?
6. What is the difference between a benchmark and a baseline?
7. What is an information security policy?
8. What are the inherent problems with ISO 17799?
9. Distinguish between symmetric and asymmetric encryption.
10. What are the credentials of information security professionals?

PART B (5 × 16 = 80 marks)
11. (a) (i) Describe the critical characteristics of information. How are they used in the study of computer security? (8)
(ii) Explain the security system development life cycle in detail. (8)
Or
(b) (i) Explain the NSTISSC security model and the top-down approach to security implementation. (8)
(ii) Briefly explain the components of an information system and their security. (8)

12. (a) (i) Explain the various groups of threats faced by an organization. (8)
(ii) Discuss the ethical concepts in information security and the prevention of illegal and unethical behavior. (8)
Or
(b) (i) Explain the four important functions of information security in an organization. (8)
13. (a) (i) Describe the process of risk identification in detail. (8)
(ii) Discuss the risk control strategies that guide an organization. (8)
Or
(b) (i) Discuss the risk assessment and the documentation of its results. (8)
(ii) Explain the various feasibility studies considered for a project of information security controls and safeguards. (8)

14. (a) (i) Explain the different types of information security policies. (8)
(ii) Discuss the features of the VISA international security model. (8)
Or
(b) (i) Explain the NIST security model in detail. (8)
(ii) Explain the various components used in designing the security architecture. (8)

15. (a) (i) Discuss the different types of intrusion detection systems. (8)
(ii) Describe the access controls used for providing physical security. (8)
Or
(b) (i) Write notes on scanning and analysis tools used during design. (8)
(ii) Discuss the cryptographic tools used for providing security. (8)
******************************************************************************************************