Subject Name: CS9224 - INFORMATION SECURITY
Unit - 1
1. What is C.I.A.?
The C.I.A. triangle has been the industry standard for computer security; it is based on three characteristics of information: confidentiality, integrity, and availability. The C.I.A. triangle has since been expanded into a longer list of critical characteristics of information.
2. Write a note on the history of information security
Computer security began immediately after the first mainframes were developed. Groups developing code-breaking computations during World War II created the first modern computers. Physical controls were needed to limit access to sensitive military locations to authorized personnel. Only rudimentary controls were available to defend against physical theft, espionage, and sabotage.
3. What is Rand Report R-609?
Information security began with Rand Corporation Report R-609 (1970). The Rand Report was the first widely recognized published document to identify the role of management and policy issues in computer security.
4. What is the scope of computer security?
The scope of computer security grew from physical security to include:
- Safety of the data
- Limiting unauthorized access to that data
- Involvement of personnel from multiple levels of the organization
5. Define Physical security
Physical security - the protection of the physical items, objects, or areas of an organization from unauthorized access and misuse.
6. Define Personal security
Personal security - the protection of the individuals or groups of individuals who are authorized to access the organization and its operations.
7. Define Operations security
Operations security focuses on the
protection of the details of particular operations or series of activities.
8. Define Communications security
Communications security - the protection of an organization's communications media, technology, and content.
9. Define Network security
Network security - the protection of networking components, connections, and contents.
10. Define Information security
Information security - the protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information.
11. What are the critical characteristics of information?
- Availability
- Accuracy
- Authenticity
- Confidentiality
- Integrity
- Utility
- Possession
12. What is the NSTISSC Security model?
This refers to the "National Security Telecommunications and Information Systems Security Committee" document, which presents a comprehensive model for information security. The model consists of three dimensions, each with three elements: the characteristics of information (confidentiality, integrity, availability), the states of information (storage, processing, transmission), and the security measures applied (policy and practices, education and training, technology). Together they form a 3 x 3 x 3 cube of 27 cells, each of which must be addressed to secure a system.
13. What are the components of an information system?
An Information System (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization.
14. What is meant by balancing Security and Access?
- It is impossible to obtain perfect security; security is not an absolute, it is a process
- Security should be considered a balance between protection and availability
- To achieve balance, the level of security must allow reasonable access, yet protect against threats
15. What are the approaches used for implementing information security?
- Bottom-up approach: begins as a grassroots effort of system administrators trying to improve the security of their own systems; it often lacks organization-wide coordination and funding
- Top-down approach: initiated by upper management, which issues policy, procedures, and processes, dictates goals and outcomes, and commits dedicated funding and staff; it has a much higher chance of success
16. What is SDLC?
- The Systems Development Life Cycle
- Information security must be managed in a manner similar to any other major system implemented in the organization
- Using a methodology ensures a rigorous process and avoids missing steps
17. Explain the different phases of SDLC
- Investigation
- Analysis
- Logical Design
- Physical Design
- Implementation
- Maintenance and Change
18. What is Security SDLC?
- Security Systems Development Life Cycle (SecSDLC)
- The same phases used in the traditional SDLC, adapted to support the specialized implementation of a security project
- The basic process is identification of threats and of the controls to counter them
- The SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions
19. How is information security viewed as a social science?
- Social science examines the behavior of individuals interacting with systems
- Security begins and ends with the people that interact with the system
- End users may be the weakest link in the security chain
- Security administrators can greatly reduce the levels of risk caused by end users, and create more acceptable and supportable security profiles
20. What are the information security roles to be played by various professionals in a typical organization?
- Senior management - Chief Information Officer, Chief Information Security Officer
- Security project team:
  - The champion
  - The team leader
  - Security policy developers
  - Risk assessment specialists
  - Security professionals
  - Systems administrators
  - End users
21. What are the three types of data ownership and their responsibilities?
- Data owner - responsible for the security and use of a particular set of information
- Data custodian - responsible for the storage, maintenance, and protection of the information
- Data users - the end users who work with the information to perform their daily jobs supporting the mission of the organization
22. What is the difference between a threat agent and a threat?
A threat is a category of objects, persons, or other entities that pose a potential danger to an asset. Threats are always present. A threat agent is a specific instance or component of a threat. For example, all hackers in the world are a collective threat; Kevin Mitnick, who was convicted for hacking into phone systems, was a threat agent.
23. What is the difference between vulnerability and exposure?
A vulnerability is a weakness or fault in a system or protection mechanism that opens the information or the system to attack or damage. An exposure is a single instance in which the system is open to damage; in information security, an exposure exists when a vulnerability is known to an attacker.
24. What is an attack?
An attack is an intentional or unintentional attempt to cause damage to, or otherwise compromise, the information and the systems that support it. If someone casually reads sensitive information not intended for his or her use, this is considered a passive attack. If a hacker attempts to break into an information system, the attack is considered active.
25. What is hacking?
Hacking can be defined positively and negatively: positively, as writing computer programs for enjoyment; negatively, as gaining access to a computer illegally.
26. What is a security blueprint?
The security blueprint is the plan for the implementation of new security measures in the organization. Sometimes called a framework, the blueprint presents an organized approach to the security planning process.
27. What is MULTICS?
MULTICS was an operating system, now obsolete. MULTICS is noteworthy because it was the first OS created with security as its primary goal. It was a mainframe, time-sharing OS developed in the mid-1960s by a consortium from GE, Bell Labs, and MIT.
28. What is ARPANET?
The US Department of Defense started a research program on the feasibility of a redundant, networked communication system to support the military's exchange of information. Larry Roberts, known as the founder of the Internet, developed the project from its inception.
29. Define E-mail spoofing
Information is authentic when its contents are genuine and original, in the same state in which they were created, placed, stored, or transmitted. E-mail spoofing is the act of sending an e-mail message with a modified field, most often the address of the originator (the From field), so that the message appears to come from someone other than its real sender. The received e-mail is therefore not authentic, even though its body may be unchanged.
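The authenticity characteristic in question 11 and the spoofing problem in question 29 both come down to one check: does the message still say what, and come from whom, it did when it was created? The following is an added example written for these notes, not code from the course or textbook. It attaches a keyed HMAC tag over the From/To/Subject headers and the body, then verifies it on receipt. The shared secret, the X-Auth-Tag header name, and the sample messages are constructed for the demonstration; a real deployment would use a public-key scheme such as DKIM rather than a shared secret.

```python
"""Authenticity check for e-mail headers and body using an HMAC tag.

Added example, not part of the course notes. A keyed HMAC with a
constructed shared secret stands in for a real signature scheme such
as DKIM; the header name X-Auth-Tag and the key are assumptions.
"""
import hashlib
import hmac
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed secret for the demo; a real deployment would use a
# signing key whose public half the receiver can look up.
SECRET_KEY = b"demo-shared-secret-do-not-reuse"
# Headers covered by the tag. Anyone can write anything into From:,
# so From: must be covered for the check to catch spoofing at all.
SIGNED_HEADERS = ("from", "to", "subject")
TAG_HEADER = "X-Auth-Tag"  # assumed header name for this example


def canonical_bytes(msg: EmailMessage) -> bytes:
    """Serialize the covered headers and the plain-text body in a fixed form."""
    parts = []
    for name in SIGNED_HEADERS:
        value = str(msg.get(name, ""))
        # Collapse folding whitespace so re-wrapping a header in transit
        # does not invalidate the tag.
        parts.append(f"{name}:{' '.join(value.split())}".encode())
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    parts.append(body.encode())
    return b"\r\n".join(parts)


def compute_tag(msg: EmailMessage, key: bytes = SECRET_KEY) -> str:
    """HMAC-SHA256 over the canonical form, hex encoded."""
    return hmac.new(key, canonical_bytes(msg), hashlib.sha256).hexdigest()


def make_message(sender: str, recipient: str, subject: str, body: str) -> str:
    """Build a message, attach its authenticity tag, and return the raw text."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    # Tag the parsed form of the serialized message so that signer and
    # verifier canonicalize exactly the same input.
    parsed = message_from_string(msg.as_string(), policy=policy.default)
    msg[TAG_HEADER] = compute_tag(parsed)
    return msg.as_string()


def is_authentic(raw: str, key: bytes = SECRET_KEY) -> bool:
    """True only if the tag matches the current From/To/Subject and body."""
    msg = message_from_string(raw, policy=policy.default)
    tag = msg.get(TAG_HEADER)
    if tag is None:
        return False  # untagged mail is treated as unauthenticated
    # Constant-time comparison so timing does not reveal matching bytes.
    return hmac.compare_digest(str(tag), compute_tag(msg, key))


if __name__ == "__main__":
    # Constructed sample message and two manipulated copies of it.
    raw = make_message("alice@example.com", "bob@example.com",
                       "Invoice", "Please pay invoice 42 today.")
    spoofed = raw.replace("From: alice@example.com", "From: ceo@example.com")
    tampered = raw.replace("invoice 42", "invoice 43")
    print("original :", is_authentic(raw))       # True
    print("spoofed  :", is_authentic(spoofed))   # False: sender field changed
    print("tampered :", is_authentic(tampered))  # False: body changed
```

The spoofed copy fails because the forged From value is part of the tagged input, and the tampered copy fails because the body is; a message with the tag stripped is rejected outright rather than silently accepted, which is the policy decision a receiver has to make explicitly.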