Name of the College : Mahatma Gandhi University (MGU)
Department : Computer Science and Engineering
Subject Code/Name : MCSCB 106 – 2/Information Risk Management
Sem : I Semester
Applicable For : 1st year Students
Home Page : mgu.ac.in
Document Type : Model Question Paper
Download Model/Sample Question Paper :
I : https://www.pdfquestion.in/uploads/mgu.ac.in/5035-1-MCSCB%20106-2%20IRM%20-%20I.doc
II : https://www.pdfquestion.in/uploads/mgu.ac.in/5035-2-MCSCB%20106-2%20IRM%20-%20II.doc
Information Risk Management Question Paper
M.Tech Degree Examination
Branch: Computer Science and Engineering
Specialization: Cyber Security
Model Question Paper – I
First Semester
MCSCB 106 – 2
Information Risk Management
(Regular – 2013 Admissions)
Time : Three Hours
Maximum : 100 marks
Answer all questions.
1. a) Explain the relationship among different security components. (12)
b) Write note on COSO risk management. (13)
OR
2. a) Explain the ISO 27000 series of security standards. (15)
b) Write note on COBIT risk management. (10)
3. a) Explain the guidelines and procedures for Security Management program. (13)
b) Write note on objectives of information strategy. (12)
OR
4. a) Explain the Risk analysis and management. (13)
b) Write note on risk management standards. (12)
5. a) Give a note on security architectural framework. (12)
b) Explain the different concepts of security model. (13)
OR
6. a) Explain the security in distributed systems. (10)
b) Discuss different vulnerabilities and threats to information systems. (15)
7. a) Explain about Business Continuity Management. (13)
b) Write note on Business Impact Analysis. (12)
OR
8. a) Explain BC/DR Strategy development. (12)
b) Write note on disaster recovery. (13)
Model Question Paper – II
M.Tech Degree Examination
MCSCB 106 – 2
Information Risk Management
(Regular – 2013 Admissions)
Time : Three Hours
Maximum : 100 marks
Answer all questions.
1. a) Explain the relationship among different security components. (12)
b) Write note on COSO risk management. (13)
OR
2. a) Describe the ISO 27000 series of security standards. (15)
b) Write note on COBIT risk management. (10)
3. a) Describe the Risk analysis and management. (13)
b) Write note on risk management standards. (12)
OR
4. a) Explain the guidelines and procedures for Security Management program. (13)
b) Write note on objectives of information strategy. (12)
5. a) Briefly explain the security in distributed systems. (10)
b) Discuss different vulnerabilities and threats to information systems. (15)
OR
6. a) Give a note on security architectural framework. (12)
b) Describe the different concepts of security model. (13)
7. a) Explain about Business Continuity Management. (13)
b) Write note on Business Impact Analysis. (12)
OR
8. a) Describe BC/DR Strategy development. (12)
b) How does the recovery mechanism work when a disaster occurs in an organization? (13)
Information Risk Management Syllabus
Module 1
Information Risk Management: Definitions and relationships among different security components – threat agent, threat, vulnerability, risk, asset, exposure and safeguards; governance models such as COSO and COBIT; ISO 27000 series of standards for setting up security programs.
Module 2
Risk analysis and management; policies, standards, baselines, guidelines and procedures as applied to a Security Management program; information strategy objectives.
Module 3
Security awareness and training. Security Architecture and Design: review of architectural frameworks (such as Zachman and SABSA), concepts of security models (such as Bell-LaPadula, Biba and Brewer-Nash), vulnerabilities and threats to information systems (such as traditional on-premise systems, web-based multi-tiered applications, distributed systems and cloud-based services), application of countermeasures to mitigate those threats, and security products evaluation.
Module 4
Business Continuity and Disaster Recovery: Business Continuity Management (BCM) concepts, Business Impact Analysis, BC/DR strategy development, backup and offsite facilities, and types of drills and tests. An introduction to operational security and physical security aspects.
References
1. Alan Calder and Steve G. Watkins, “Information Security Risk Management for ISO27001/ISO27002”, IT Governance Ltd, 2010.
2. Susan Snedaker, “Business Continuity and Disaster Recovery Planning for IT Professionals”, Elsevier Science & Technology Books, 2007.
3. Harold F. Tipton and Micki Krause, “Information Security Management Handbook”, Volume 1, Sixth Edition, Auerbach Publications, 2003.
4. Andreas Von Grebmer, “Information and IT Risk Management in a Nutshell: A Pragmatic Approach to Information Security”, Books on Demand, 2008.
5. Evan Wheeler, “Security Risk Management”, Elsevier, 2011.
6. Ian Tibble, “Security De-Engineering: Solving the Problems in Information Risk Management”, CRC Press, 2012.