KINGS COLLEGE OF ENGINEERING
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
JNTU World Team
Follow Your Syllabus
SYLLABUS
UNIT I FUNDAMENTALS 9
History, What is Information Security?, Critical Characteristics of Information, NSTISSC Security
Model, Components of an Information System, Securing the Components, Balancing Security and
Access, The SDLC, The Security SDLC
TOTAL: 45 PERIODS
TEXT BOOK:
1. Michael E Whitman and Herbert J Mattord, Principles of Information Security, Vikas
Publishing House, New Delhi, 2003
REFERENCES:
1. Micki Krause, Harold F. Tipton, Handbook of Information Security Management, Vol 1-3 CRC
Press LLC, 2004.
2. Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed, Tata McGraw-Hill, 2003.
3. Matt Bishop, Computer Security Art and Science, Pearson/PHI, 2002.
Unit 1
2 Marks
2. What is C.I.A.?
6. What is Security?
17. What are the approaches used for implementing information security?
22. What are the information security roles to be played by various professionals in a
typical organization?
23. What are the three types of data ownership and their responsibilities?
30. What is ARPANET?
16 Marks
1) Explain the four important functions that information security performs in an organization.
7) What are the different US laws and international laws on computer-based crimes?
8) Explain in detail the legal, ethical and professional issues during the security investigation.
10) What is the code of ethics to be adhered to by the information security personnel stipulated by
different professional organizations?
Unit 2
2 Marks
1) What are the four important functions that information security performs in an organization?
16 Marks
1) Explain the four important functions that information security performs in an organization.
7) What are the different US laws and international laws on computer-based crimes?
8) Explain in detail the legal, ethical and professional issues during the security investigation.
10) What is the code of ethics to be adhered to by the information security personnel stipulated
by different professional organizations?
Unit 3
2 Marks
2. What are the roles to be played by the communities of interest to manage the risks an organization encounters?
Information Technology
11. What are the Questions to assist in developing the criteria to be used for asset
valuation?
16. What are the different threats faced by an information system in an Organization?
16 Marks
1. What is risk management? State the methods of identifying and assessing risk management.
2. Discuss in detail the process of assessing and controlling risk management issues.
3. What is risk management? Why is the identification of risks by listing assets and vulnerabilities so important in the risk management process?
6. Explain in detail the three types of security policies (EISP, ISSP and SysSP).
8. Explain the roles to be played by the communities of interest to manage the risks an organization encounters.
11. Explain how the risk controls are effectively maintained in an organization.
13) Write short notes on a) Incident Response Plan, b) Disaster Recovery Plan, c) Business Continuity Plan.
12. Explain in detail the process of asset identification for different categories.
16. Explain the process of vulnerability identification and assessment for the different threats faced by an information security system.
Unit 4
2 Marks
1. What is a policy?
10. What are the alternative security models available other than ISO 17799/BS 7799?
17. What are the key technological components used for security implementation?
16 Marks
1. What are ISO 17799 and BS 7799? Explain their different sections and salient features.
6. Compare and contrast ISO 17799/BS 7799 with the NIST security model.
11. Explain the key technological components used for security implementation.
14. What is Business Impact Analysis? Explain different stages of BIA in detail.
Unit 5
2 Marks
16. What are the factors to be considered while selecting the right firewall?
31. What are the advantages and disadvantages of using a honeypot or padded cell approach?
16 Marks
1. Explain in detail
6. What are firewall rules? Explain the different firewall rule sets.
7. What is an Intrusion Detection System (IDS)? Explain the different reasons for using an IDS and the different terminologies associated with IDS.
8. What are the different types of Intrusion Detection Systems available? Explain with diagrams.
10. What are honeypots, honeynets and padded cell systems? Explain each.
11. What is an attack protocol? Explain a) footprinting and b) fingerprinting.
12. What are the purposes of scanning and analysis tools? Who will be using these tools? Explain the functioning of a few of these tools.
18. What are the functions of a) CISO, b) Information Security Manager, and c) Security Technician?
20. What are the certifications that information security personnel should acquire to fit into their roles?
UNIT I
1. Explain in detail the software development life cycle process.
2. What is the SDLC? Illustrate the security SDLC.
3. Explain in detail the components of an information system.
4. Discuss in detail the NSTISSC security model.
UNIT II
1. Discuss in detail the legal, ethical and professional issues during security investigation.
2. Explain in detail the different types of cryptanalytic attacks.
3. Explain in detail the different types of threats.
4. Explain in detail the legal issues during security investigation.
UNIT III
1. Explain in detail the risk control strategies.
2. What is risk management? State the methods of identifying and assessing risk management.
3. Explain in detail the risk control cycle.
4. Explain in detail the risk handling decision points.
5. Explain in detail cost benefit analysis and exposure factor.
UNIT IV
1. List the styles of security architecture models. Discuss them in detail.
2. Briefly explain the NIST security model.
3. Explain in detail the design of a security architecture.