Information Security Questions

The document outlines key concepts in information security, including steps for security investigations, the role of Access Control Matrices (ACM), and the importance of risk management. It also discusses various cyber threats and their impacts, as well as the necessity of security policies for organizations. The content is structured into 5-mark and 10-mark questions with comprehensive answers.

Uploaded by

25devv

INFORMATION SECURITY - UNIT 2

Part B (5 Marks Questions - Answer any 4)

1. Explain the key steps involved in an investigation for security purposes.

Security investigations help identify security incidents and prevent future threats. The key steps include:
- Initiation: Define the reason for investigation, whether a breach, compliance check, or proactive security assessment.
- Incident Identification: Recognize suspicious activities like unauthorized access, malware infections, or unusual network behavior.
- Evidence Collection: Gather system logs, network traffic data, and forensic details while maintaining the integrity of evidence.
- Root Cause Analysis: Identify vulnerabilities or human errors that led to the incident.
- Risk Assessment and Communication: Evaluate risks, inform stakeholders, and implement necessary security measures.

2. What is an Access Control Matrix (ACM) and its importance in Information Security?

An Access Control Matrix (ACM) is a framework that defines who can access specific resources and what actions they can perform. It consists of:
- Subjects: Users, processes, or entities requesting access.
- Objects: Files, databases, or system resources that need protection.
- Access Rights: Permissions granted to a subject over an object (e.g., Read, Write, Execute).

Importance:
- Enforces security policies by restricting unauthorized access.
- Helps organizations manage roles and permissions efficiently.
- Prevents data breaches by defining clear access rules.
- Supports implementation of security models like Role-Based Access Control (RBAC).
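
An access control matrix built from role assignments, as an added example that is not part of the original notes; the subjects, objects and roles are constructed sample data. It shows how RBAC role grants expand into per-subject rows of the matrix, with default deny for anything the matrix does not list.

```python
READ, WRITE, EXECUTE = "read", "write", "execute"

# Constructed sample RBAC policy: role -> {object: rights}
ROLE_PERMISSIONS = {
    "auditor": {"payroll.db": {READ}, "audit.log": {READ}},
    "hr_clerk": {"payroll.db": {READ, WRITE}},
    "operator": {"backup.sh": {READ, EXECUTE}, "audit.log": {READ}},
}

# Constructed sample assignments: subject -> roles
SUBJECT_ROLES = {
    "alice": {"hr_clerk"},
    "bob": {"auditor", "operator"},
    "backup_svc": {"operator"},
}


def build_matrix(subject_roles, role_permissions):
    """Expand role assignments into matrix[subject][object] = set of rights."""
    matrix = {}
    for subject, roles in subject_roles.items():
        row = matrix.setdefault(subject, {})
        for role in roles:
            # A role with no entry in the policy grants nothing.
            for obj, rights in role_permissions.get(role, {}).items():
                row.setdefault(obj, set()).update(rights)
    return matrix


def is_allowed(matrix, subject, obj, right):
    """Default deny: a missing row, cell or right means no access."""
    return right in matrix.get(subject, {}).get(obj, set())


def acl_for(matrix, obj):
    """Column view: every subject holding any right on obj (for access reviews)."""
    return {s: sorted(row[obj]) for s, row in matrix.items() if obj in row}


ACM = build_matrix(SUBJECT_ROLES, ROLE_PERMISSIONS)

if __name__ == "__main__":
    print(is_allowed(ACM, "alice", "payroll.db", WRITE))
    print(is_allowed(ACM, "bob", "payroll.db", WRITE))
    print(acl_for(ACM, "audit.log"))
```

Reading the matrix by column, as `acl_for` does, is what an access review needs: it lists everyone who can touch a given object regardless of which role granted the right.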

3. Explain Risk Management in Information Security.

Risk management involves identifying, assessing, and mitigating security risks to protect an organization's digital assets. The process includes:
- Risk Identification: Recognizing vulnerabilities such as weak passwords, outdated software, and insider threats.
- Risk Analysis: Evaluating the likelihood and impact of each risk.
- Risk Mitigation: Implementing security controls like firewalls, encryption, and multi-factor authentication.
- Monitoring & Review: Regular security audits to ensure controls remain effective against evolving threats.

Part C (10 Marks Questions - Answer any 2)

5. Discuss different types of cyber threats and their impact on security.

Cyber threats continuously evolve, targeting individuals and organizations. Major types include:
- Malware (Viruses, Worms, Ransomware, Spyware): Infects systems, steals data, and disrupts operations.
- Phishing Attacks: Fake emails trick users into providing credentials.
- Insider Threats: Employees misusing access to leak or manipulate data.
- Zero-Day Exploits: Hackers exploit unknown vulnerabilities before developers release patches.
- DDoS Attacks: Attackers flood a website/server with traffic to take it offline.
- Man-in-the-Middle (MitM) Attacks: Intercepting and altering communication between two parties.

Impact:
- Data loss, financial damage, and reputational harm.
- Operational disruption and legal penalties for data breaches.
- Increased cybersecurity costs for organizations to mitigate risks.

6. Explain Security Policies and why they are essential for organizations.

Security policies are formal rules that organizations follow to protect digital assets and ensure compliance. Key types include:
- Confidentiality Policies: Restrict access to sensitive information.
- Integrity Policies: Ensure data remains accurate and unaltered.
- Access Control Policies: Define user roles and permissions for accessing resources.
- Incident Response Policies: Outline steps to handle security breaches.

Importance:
- Prevents unauthorized access and data breaches.
- Ensures regulatory compliance (e.g., GDPR, HIPAA).
- Establishes a framework for cybersecurity best practices.
- Reduces financial losses from cyber incidents.

This document provides structured 5-mark and 10-mark questions with detailed answers.
