Data and Information Security - CW3551 - Important Questions On Model Paper With Answers
lOMoARcPSD|45374298
www.BrainKart.com
4. Define Vulnerability.
Vulnerability refers to the security flaws in a system that allow an attack to be successful:
weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access
to an asset.
5. What is intellectual property?
Intellectual property is “the ownership of ideas and control over the tangible or virtual
representation of those ideas”.
Many organizations are in business to create intellectual property:
□ trade secrets
□ copyrights
□ trademarks
□ patents
6. What is a policy? How is it different from law?
Policies: A body of expectations that describe acceptable and unacceptable employee behaviors in
the workplace.
Policies function as organizational laws, complete with penalties, judicial practices, and sanctions to require
compliance.
https://play.google.com/store/apps/details?id=info.therithal.brainkart.annauniversitynotes
The difference between a policy and a law, however, is that ignorance of a policy is an acceptable
defense.
7. Who are hackers? What are the two hacker levels?
The classic perpetrator of deliberate acts of espionage or trespass is the hacker. Hackers are
“people who use and create computer software [to] gain access to information illegally”. Generally there are two
skill levels among hackers:
□ Expert hacker
□ Unskilled hacker (script kiddies)
8. Distinguish between DoS and DDoS.
end. (For example, the US census data reveals information about the voters like their gender,
age, race, and so on.)
Possession – the possession of information is the quality or state of having ownership or
control of some object or item. Breach of possession does not result in breach of
confidentiality. (Illegal possession of encrypted data never allows someone to read it without
proper decryption methods.)
ii) Explain any five professionals in information security with their role and focus.
Senior Management
Chief Information Officer
• The senior technology officer
• Primarily responsible for advising the senior executive(s) on strategic planning
Chief Information Security Officer
• Responsible for the assessment, management, and implementation of securing the
information in the organization
• Referred to as the Manager for Security
Security Project Team
A number of individuals who are experienced in one or multiple requirements of both the
technical and non-technical areas:
• The champion
• The team leader
• Security policy developers
• Risk assessment specialists
• Security professionals
• Systems administrators
• End users
Data Ownership
• Data owner: responsible for the security and use of a particular set of information
• Data custodian: responsible for storage, maintenance, and protection of information
• Data users: end users who work with information to perform their daily jobs supporting the
mission of the organization
11.b) i) Explain in detail about the various components of an information system.
An Information System (IS) is much more than computer hardware; it is the entire set of software,
hardware, data, people, and procedures necessary to use information as a resource in the organization.
Software – The software component of an IS comprises applications, operating systems, and assorted command
utilities.
Hardware – Hardware is the physical technology that houses and executes the software, stores and carries
the data, and provides interfaces for the entry and removal of information from the system.
Data – Data stored, processed, and transmitted through a computer system must be protected.
Data is the most valuable asset possessed by an organization and it is the main target of
intentional attacks.
People – Though often overlooked in computer security considerations, people have always
been a threat to information security and they are the weakest link in a security chain.
Procedures – Procedures are written instructions for accomplishing a specific task. When an unauthorized
user obtains an organization’s procedures, it poses a threat to the integrity of the information.
Networks – Information systems in LANs are connected to other networks such as the internet,
and new security challenges rapidly emerge.
ii) Give a brief note on NSTISSC security model.
NSTISSC: the ‘National Security Telecommunications & Information Systems Security Committee’ document.
- It is now called the National Training Standard for Information Security Professionals.
The NSTISSC Security Model provides a more detailed perspective on security.
While the NSTISSC model covers the three dimensions of information security, it omits
discussion of detailed guidelines and policies that direct the implementation of controls.
Another weakness is that using this model with too limited an approach views it from a single
perspective.
- The three values on each of the three axes form a 3x3x3 cube with 27 cells representing areas that must be
addressed to secure today’s information systems.
- To ensure system security, each of the 27 cells must be properly addressed during the security
process.
- For example, the intersection between the technology, integrity and storage areas requires a control or
safeguard that addresses the need to use technology to protect the integrity of information while in
storage.
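The 27-cell check described above, as an added example that is not part of the original notes: the three axes of the cube are enumerated, a constructed control inventory (sample names and cell mappings are assumptions) is mapped onto cells, and the cells that no control addresses are reported.

```python
from itertools import product

# The three axes of the NSTISSC cube, three values each: 3 x 3 x 3 = 27 cells.
GOALS = ("confidentiality", "integrity", "availability")
MEASURES = ("policy", "education", "technology")
STATES = ("storage", "processing", "transmission")

ALL_CELLS = frozenset(product(GOALS, MEASURES, STATES))


def validate(cell):
    """Reject a (goal, measure, state) triple that is not a cell of the cube."""
    goal, measure, state = cell
    if goal not in GOALS or measure not in MEASURES or state not in STATES:
        raise ValueError(f"not a cell of the cube: {cell}")
    return cell


def uncovered_cells(controls):
    """Return, sorted, the cells that no control in `controls` addresses.

    `controls` maps a control name to an iterable of (goal, measure, state)
    triples; one control may address several cells.
    """
    covered = {validate(c) for cells in controls.values() for c in cells}
    return sorted(ALL_CELLS - covered)


# Constructed sample inventory (assumption, not from the notes).
SAMPLE_CONTROLS = {
    "disk encryption": [("confidentiality", "technology", "storage")],
    "TLS on all services": [("confidentiality", "technology", "transmission"),
                            ("integrity", "technology", "transmission")],
    "file-integrity monitoring": [("integrity", "technology", "storage")],
    "backup policy": [("availability", "policy", "storage")],
    # An awareness course is an education control for every goal and state.
    "security awareness course": [(g, "education", s) for g in GOALS for s in STATES],
}

if __name__ == "__main__":
    for cell in uncovered_cells(SAMPLE_CONTROLS):
        print("no control for:", cell)
```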
12.a) Explain the components of the System Development Life Cycle (SDLC) with a neat sketch.
Information security must be managed in a manner similar to any other major system implemented in
the organization.
Using a methodology
– ensures a rigorous process
– avoids missing steps
The goal is creating a comprehensive security posture/program.
Investigation
What is the problem the system is being developed to solve?
– The objectives, constraints, and scope of the project are specified
– A preliminary cost/benefit analysis is developed
– A feasibility analysis is performed to assess the economic, technical, and behavioral feasibility
of the process.
Analysis
Consists primarily of
– assessments of the organization
– the status of current systems
– capability to support the proposed systems
Analysts begin to determine
– what the new system is expected to do
– how the new system will interact with existing systems
Ends with the documentation of the findings and a feasibility analysis update
Logical Design
Based on business need, applications capable of providing the needed services are selected
Based on the applications needed, data support and structures capable of providing the needed inputs
are identified
Finally, based on all of the above, specific ways to implement the physical solution are
chosen
At the end, another feasibility analysis is performed
Physical Design
Specific technologies are selected to support the alternatives identified and evaluated in the logical
design
Selected components are evaluated based on a make-or-buy decision
The entire solution is presented to the end-user representatives for approval
Implementation
Components are ordered, received, assembled, and tested
Users are trained and documentation created
Users are then presented with the system for a performance review and acceptance test
13.b) Discuss the ethical concepts in information security and the prevention of illegal and unethical
behavior.
They shall not use a computer to harm other people
They shall not interfere with other people's computer work
They shall not snoop around in other people's computer files
They shall not use a computer to steal
They shall not use a computer to bear false witness
They shall not copy or use proprietary software for which they have not paid
They shall not use other people's computer resources without authorization or proper
compensation
They shall not appropriate other people's intellectual output
They shall think about the social consequences of the program they are writing or the system
they are designing
They shall always use a computer in ways that ensure consideration and respect for their fellow
humans
Ethical Differences across Cultures
Cultural differences create difficulty in determining what is and is not ethical
Difficulties arise when one nationality’s ethical behavior conflicts with the ethics of another
national group
Example: many of the ways in which Asian cultures use computer technology involve software piracy
Ethics and Education
The overriding factor in leveling ethical perceptions within a small population is education
Employees must be trained in the expected behaviours of an ethical employee, especially in
areas of information security
Proper ethical training is vital to creating informed, well prepared, and low-risk system users
Deterring Unethical and Illegal Behavior
– It is the responsibility of information security personnel to do everything in their power to
deter (prevent) unethical and illegal acts, using policy, education, training, and
technology as controls or safeguards to protect the information and systems
– Many underestimate the value of policy
– Three general categories of unethical behavior that organizations and society should seek
to eliminate:
– Ignorance
• The first method of deterrence is education. This is
accomplished by means of designing, publishing and
disseminating organization policies and relevant laws.
• Training and awareness programs
– Accident
• Individuals with authorization and privileges to manage
information within the organization are most likely to cause
harm or damage by accident.
• Careful planning and control help prevent accidental modification to
systems and data.
– Intent
• Protecting a system against those with intent to cause
harm or damage is best accomplished by means of
technical controls and vigorous litigation or
prosecution if these controls fail.
– Deterrence (preventing an act from occurring) is the best method for preventing an
illegal or unethical activity
– Example: laws, policies, and technical controls
– It is generally agreed that laws, policies and their associated penalties only deter if
three conditions are present:
– Fear of penalty
– Probability of being caught
– Probability of penalty being administered
14.a) List the different types of threats and also explain any four of them.
The Bell-LaPadula model is a security method created for the US government to preserve the
confidentiality of information.
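The confidentiality rules that the Bell-LaPadula model enforces, as an added example that is not part of the original notes: it goes beyond the one-line definition above to show the two properties the model is built on (simple security: no read up; *-property: no write down) over a constructed lattice of sensitivity levels and need-to-know categories (the level names, category names and sample labels are assumptions).

```python
from dataclasses import dataclass

# Ordered sensitivity levels, lowest first (constructed example lattice).
LEVELS = ("unclassified", "confidential", "secret", "top_secret")


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()  # need-to-know compartments

    def dominates(self, other):
        """True if this label is at least as high as `other` on both axes:
        level order and category superset."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)


def can_read(subject, obj):
    # Simple security property: a subject may read only objects it dominates.
    return subject.dominates(obj)


def can_write(subject, obj):
    # *-property: a subject may write only to objects that dominate it,
    # so secret data can never flow down into a less sensitive object.
    return obj.dominates(subject)


def check_access(subject, obj, mode):
    """Mediate one access request; unknown modes are rejected, not allowed."""
    if mode == "read":
        return can_read(subject, obj)
    if mode == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown access mode: {mode}")


# Constructed labels (assumptions, not from the notes).
ANALYST = Label("secret", frozenset({"crypto"}))
REPORT_CONF = Label("confidential")
REPORT_TS = Label("top_secret", frozenset({"crypto"}))
NUCLEAR_SECRET = Label("secret", frozenset({"nuclear"}))
```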
SSL ARCHITECTURE
SSL components
• Four Protocols
– Handshake Protocol
– Change Cipher Spec Protocol
– Alert Protocol
– Record Protocol
Handshake protocol
Handshake protocol-Phase 1
Handshake protocol-Phase 2
Handshake protocol-Phase 3
Handshake protocol-Phase 4
Record Protocol
SET transactions
Purchase Request