Group B

Attempt any two questions (10*2)

11. What do you mean by computer forensic. Write about the importance and types of
computers forensic.
Ans
Computer forensics: Computer forensics is the application of investigation and analysis
techniques to gather and preserve evidence from a particular computing device in a way
that is suitable for presentation in a court of law. The goal of computer forensics is to
perform a structured investigation and maintain a documented chain of evidence to find
out exactly what happened on a computing device and who was responsible for it.

Digital forensics starts with the collection of information in a way that maintains its
integrity. Investigators then analyze the data or system to determine if it was changed,
how it was changed and who made the changes. The use of computer forensics isn't
always tied to a crime. The forensic process is also used as part of data recovery
processes to gather data from a crashed server, failed drive, reformatted operating
system (OS) or other situation where a system has unexpectedly stopped working.

Types of computer forensics

There are various types of computer forensic examinations. Each deals with a specific
aspect of information technology. Some of the main types include the following:

Database forensics. The examination of information contained in databases, both data

and related metadata.

Email forensics. The recovery and analysis of emails and other information contained in
email platforms, such as schedules and contacts.

Malware forensics. Sifting through code to identify possible malicious programs and
analyzing their payload. Such programs may include Trojan horses, ransomware or
various viruses.

Memory forensics. Collecting information stored in a computer's random access memory

(RAM) and cache.
Mobile forensics. The examination of mobile devices to retrieve and analyze the
information they contain, including contacts, incoming and outgoing text messages,
pictures and video files.

Network forensics. Looking for evidence by monitoring network traffic, using tools such
as a firewall or intrusion detection system.

Important of Computer forensics

In the civil and criminal justice system, computer forensics helps ensure the integrity of
digital evidence presented in court cases. As computers and other data-collecting
devices are used more frequently in every aspect of life, digital evidence -- and the
forensic process used to collect, preserve and investigate it -- has become more
important in solving crimes and other legal issues.

The average person never sees much of the information modern devices collect. For
instance, the computers in cars continually collect information on when a driver brakes,
shifts and changes speed without the driver being aware. However, this information can
prove critical in solving a legal matter or a crime, and computer forensics often plays a
role in identifying and preserving that information.

Digital evidence isn't just useful in solving digital-world crimes, such as data theft,
network breaches and illicit online transactions. It's also used to solve physical-world
crimes, such as burglary, assault, hit-and-run accidents and murder.

Businesses often use a multilayered data management, data governance and network
security strategy to keep proprietary information secure. Having data that's well managed
and safe can help streamline the forensic process should that data ever come under
investigation.

Businesses also use computer forensics to track information related to a system or

network compromise, which can be used to identify and prosecute cyber attackers.
Businesses can also use digital forensic experts and processes to help them with data
recovery in the event of a system or network failure caused by a natural or other disaster.

As the world becomes more reliant on digital technology for the core functions of life,
cybercrime is rising. As such, computer forensic specialists no longer have a monopoly
on the field. See how the police in the U.K. are adopting computer forensic techniques to
keep up with increasing rates of cybercrime.

12. Write briefly about CIA Security Triad. How can you maintain CIA at Organizational level?
Ans
 CIA Security Triad
The CIA security triad, also known as the CIA triad,is a foundational concept in information
security that outlines three core principles for protecting information assets: confidentiality,
integrity and availability.These three principles form the basis for designing and
implementing security measures to safeguard sensitive information and ensure that it
remains accessible,trustworthy and protected from unauthorized access, alternation or
destruction.
Confidentiality: Confidentiality ensures that sensitive information is only accessible to
authorized individuals, systems or processes.It involves measures such as encryption, access
controls and secure communication channels to prevent unauthorized disclosure of
information.
Availability:Availability ensures that information and resources are accessible and usable
when needed by authorized users.It involves measures to prevent or mitigate disruptions to
systems or services,such as redundancy,disaster recovery planning and access controls to
prevent denial-of-service attacks.
Integrity:Integrity ensures that information remains accurate,complete,and unaltered during
storage,transmission and processing .It involves measure to detect and prevent
unauthorized modifications such as checksum, digital signatures and access controls to
prevent unauthorized changes.
Maintaining the CIA (Confidentiality, Integrity, Availability) triad at an organizational level involves
implementing a comprehensive set of policies, procedures, technologies, and practices across the
entire organization. Here are some key steps to achieve and maintain CIA at the organizational
level:

.
Risk Assessment: Conduct regular risk assessments to identify potential threats, vulnerabilities,
and risks to the organization's information assets. This includes assessing the potential impact on
confidentiality, integrity, and availability.
.
.
Policies and Procedures: Develop and enforce security policies and procedures that address
confidentiality, integrity, and availability concerns. These policies should cover areas such as data
classification, access control, encryption, incident response, and business continuity planning.
.
.
Access Control: Implement robust access controls to ensure that only authorized individuals have
access to sensitive information. This includes role-based access control (RBAC), strong
authentication mechanisms (e.g., multi-factor authentication), and regular access reviews.
.
.
Encryption: Use encryption to protect sensitive data both at rest and in transit. This helps maintain
confidentiality by ensuring that even if data is intercepted or stolen, it remains unreadable without
the appropriate decryption keys.
.
.
Data Backup and Recovery: Establish regular data backup procedures to ensure data availability
in the event of a system failure, disaster, or cyberattack. Test backups regularly to verify their
integrity and reliability, and implement a robust recovery plan.
.
.
 Security Awareness Training: Provide regular security awareness training to all employees to
educate them about the importance of maintaining confidentiality, integrity, and availability. This
includes training on best practices for password management, phishing awareness, and handling
sensitive information.
.
.
Monitoring and Detection: Deploy security monitoring tools and techniques to detect and
respond to security incidents in real-time. This includes intrusion detection systems (IDS), security
information and event management (SIEM) systems, and regular security audits.
.
.
Incident Response Plan: Develop and regularly update an incident response plan that outlines the
steps to be taken in the event of a security breach or incident. This should include procedures for
containing the incident, mitigating the impact, and restoring normal operations while preserving
the confidentiality, integrity, and availability of data.
.
.
Compliance and Auditing: Ensure compliance with relevant regulations, standards, and
frameworks (e.g., GDPR, HIPAA, ISO 27001) through regular audits and assessments. This helps
ensure that the organization's security controls are effective and aligned with industry best
practices.
.
.
Continuous Improvement: Establish a culture of continuous improvement by regularly reviewing
and updating security measures based on evolving threats, technologies, and business
requirements. This includes conducting post-incident reviews, lessons learned sessions, and
proactive security testing and assessments.
.

13.
Explain cyber law. Please explain about the importance and areas of cyber law.
14.
Define Corporate social responsibility. Why is it essential for organizations to peruse CSR.
Group C
Attempt any 6 questions (6*5)
30 Marks
15.
Write short notes on:
a.
Ethics
b.
Computer Exploits
16.
Define ethics and explain few ethical issues in business world.
17.
What are the different laws relating to cyber law.
18.
Imagine you are working in an organization. While working your organization become a
victim
of cyber-attack and now how will you respond to a cyber-attack?
19.
Write short note on Freedom of Expression.
20.
What is Privacy Protection? Which law protects the privacy of Nepalese people?
21.
Write short note on meaning and types of Professional Organiz