Name of the College : Noorul Islam College of Engineering
University : Anna University
Degree : B.E
Department : Computer Science and Engineering
Subject Code/Name : CS 1014 – Information Security
Year : IV
Semester : VII
Document Type : Question Bank
Website : niceindia.com
Download : https://www.pdfquestion.in/uploads/ni…N_SECURITY.pdf
NICE Information Security Question Bank
2-MARKS
Two Marks :
1. Define Information Security :
It is a well-informed sense of assurance that the information risks and controls are in balance.
Related : Noorul Islam College of Engineering CS1203 System Software B.E Question Bank : www.pdfquestion.in/2948.html
2. What is Security? :
Security is “the quality or state of being secure-to be free from danger”.
3. What are the multiple layers of Security? :
** Physical Security
** Personal Security
** Operations Security
** Communication Security
** Network Security
** Information Security
4. What are the characteristics of CIA triangle? :
** Confidentiality
** Integrity
** Availability
5. What are the characteristics of Information Security? :
** Availability
** Accuracy
** Authenticity
** Confidentiality
** Integrity
** Utility
** Possession
6. What is E-mail Spoofing? :
It is the process of sending an e-mail with a modified field.
7. What is UDP Packet Spoofing? :
User Data Protocol (UDP) Packet Spoofing enables the attacker to get unauthorized access to data stored on computing systems.
8. What are the measures to protect the confidentiality of information? :
** Information Classification
** Secure document storage
** Application of general Security Policies.
** Education of information end-users
9. What is Utility of information? :
Utility of information is the quality or state of having value for some purpose or end.
10. What are the components of information system? :
** Software
** Hardware
** Data
** People
** Procedures
** Networks.
11. What are the functions of Locks & Keys? :
Locks & Keys are the traditional tools of physical security, which restricts access to, and interaction with the hardware components of an information system.
12. What is Network Security? :
It is the implementation of alarm and intrusion systems to make system owners aware of ongoing compromises.
13. Differentiate Direct and Indirect attacks.
Direct Attack :
It is when a hacker uses his personal computer to break into the system
Originate from the threat itself.
Indirect Attack :
It is when a system is compromised and used to attack other systems, such as in a distributed deniel of service attack.
Originate from a system or resource that itself has attacked & it is malfunctioning or working under the control of a threat.
14. What is SDLC? :
The Systems Development Life Cycle is a methodology for the design and implementation of an information system in an organization.
15. What is a methodology? :
Methodology is a formal approach to solve a problem based on a structured sequence of procedures.
16-MARKS
1.Explain the Critical Characteristics of Information
** Availability
** Accuracy
** Authenticity
** Confidentiality
** Integrity
** Utility
** Possession
2. Explain the Components of an Information System
** Software
** Hardware
** People
** Data
** Procedures
** Networks
3. Explain SDLC in detail.
** Methodology
** Phases
** Phases
** Investigation
** Analysis
** Logical Design
** Physical Design
** Implementation
** Maintenance and change
4. Explain SecSDLC in detail
** Investigation
** Analysis
** Logical Design
** Physical Design
** Implementation
** Maintenance and change
5. Explain the functions of an Information security organization
** Protects the organization’s ability to function
** Enabling safe operation of applications
** Protecting data that organizations collect and use
** Safeguarding technology assets in organizations
6. Explain the categories of Threat in detail.
** Acts of human error or failure
** Deviations in QOS by service providers
** Deliberate acts of espionage or trespass
** Deliberate acts of information extortion
** Deliberate acts of Sabotage or vandalism
** Deliberate acts of theft
** Deliberate software attacks
** Compromises to Intellectual Property
** Forces of Nature.
7. Explain the types of Attacks in detail?
** Malicious code
** Hoaxes
** Back Doors
** Password Crack
** Brute Force
** Dictionary
8. Explain General Computer Crime Laws.
** Computer Fraud & abuse Act 0f 1986
** USA Patriot Act of 2001
** Communications Decency Act
** Computer Security Act of 1987
9. Explain Ethical Concepts in Information Security.
** Cultural Differences in Ethical Concepts
** Software License Infringement
** Illicit use
** Misuse of corporate resources
10. Explain Risk Management in detail.
** Know Yourself
** Know Your Enemy
** All Communities of Interest