IS Solutions

The document discusses key topics in information security. It begins by outlining the evolution of information security from the 1960s to the present day, focusing on emerging threats and technologies. Next, it examines fundamental security concepts like confidentiality, integrity, and availability. It then identifies critical components of information systems such as hardware, software, data, and networks. The importance of balancing security and access is explored. Finally, the document emphasizes the need for secure software development and risk assessment in modern information security.

Uploaded by rohithatimsi
UNIT-1

Short Questions (2 Marks)

1. Briefly describe the evolution of information security.

• 1960s - Early Computing: Focus on securing physical locations and hardware.
• 1970s - Rise of Networked Computers: Emergence of network security protocols.
• 1980s - Personal Computers: Increased awareness of malware and the need for antivirus software.
• 1990s - Internet Expansion: Development of firewalls and encryption protocols.
• 2000s - Cybersecurity Era: Emphasis on data protection laws, identity theft, and advanced persistent threats.
• 2010s - Cloud and Mobile Computing: Focus on cloud security, mobile device management, and IoT security.
• 2020s - AI and Machine Learning: Integration of AI in threat detection and response.

2. What are the key aspects of the NSTISSC Security Model?

• Confidentiality: Protecting information from unauthorized disclosure.
• Integrity: Ensuring the accuracy and reliability of information.
• Availability: Guaranteeing timely and reliable access to information.
• Authentication: Verifying the identity of users accessing information.
• Non-repudiation: Ensuring that actions or commitments cannot be denied later.

3. Name critical components of an information system.

• Hardware: Includes servers, computers, routers, switches, and data storage devices.
• Software: Encompasses operating systems, applications, and security tools.
• Data: The core element, including databases, files, and multimedia.
• Networks: Communication systems like LAN, WAN, and the internet.
• People: Users, IT staff, and management who interact with the system.
• Processes: Procedures and policies governing the use and security of the system.

4. Why is it important to balance security and access in an information system?

• User Productivity: Excessive security measures can hinder user efficiency and productivity.
• System Usability: Maintaining a user-friendly environment while ensuring security.
• Data Accessibility: Ensuring that data is available to authorized users when needed.
• Threat Mitigation: Balancing the need to protect against potential security threats.
• Regulatory Compliance: Meeting legal requirements without overburdening system access.

5. Why is secure software development essential in modern information systems?

• Preventing Security Breaches: To avoid vulnerabilities that can lead to data theft or system compromise.
• Protecting User Data: Ensuring the confidentiality and integrity of user data.
• Maintaining System Integrity: To prevent unauthorized changes or disruptions in system functionality.
• Legal and Regulatory Compliance: Adhering to standards like GDPR, HIPAA, etc.
• Building Trust: Establishing and maintaining trust among users and stakeholders.
• Cost Efficiency: Preventing breaches can be less costly than addressing security incidents post-development.

UNIT-2

Short Questions (2 Marks)

1. Name the major legal bodies involved in information security.

• International Bodies:
  • Interpol: Facilitates international police cooperation.
  • International Organization for Standardization (ISO): Develops standards like ISO/IEC 27001 for information security management.
• United States:
  • Federal Trade Commission (FTC): Enforces laws against deceptive and unfair business practices.
  • National Institute of Standards and Technology (NIST): Develops cybersecurity standards and guidelines.
• European Union:
  • European Data Protection Board (EDPB): Oversees the application of the General Data Protection Regulation (GDPR).

2. What is the role of ethics in information security?

• Trust Building: Establishes trust between users and organizations.
• Data Handling: Guides the ethical handling of sensitive and personal data.
• Decision Making: Influences ethical decision-making in security practices.
• Professional Conduct: Sets standards for professional conduct among security practitioners.
• Legal Compliance: Complements legal requirements by addressing areas not covered by law.

3. Identify the key element in the process of risk identification in information security.

• Asset Identification: Recognizing what needs protection, such as data, hardware, and software.
• Threat Recognition: Identifying potential threats that could exploit vulnerabilities.
• Vulnerability Assessment: Determining weaknesses in the system that could be exploited.
• Environmental Study: Understanding the external and internal environment that could impact security.

4. Define the common risk control strategy used in information security.

• Preventive Controls: Aimed at preventing security incidents (e.g., firewalls, access controls).
• Detective Controls: Designed to detect and identify security incidents (e.g., intrusion detection systems).
• Corrective Controls: Implemented to correct any issues after a security incident (e.g., patch management).
• Deterrent Controls: Intended to discourage security violations (e.g., security policies, legal consequences).

5. What is the main difference between quantitative and qualitative risk control practices?

• Quantitative: Involves numerical values and metrics to assess risk (e.g., statistical methods, cost-benefit analysis).
• Qualitative: Based on subjective analysis and expert opinions (e.g., risk matrices, scenario analysis).
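As an added worked example (not part of the original notes), the two practices applied to one constructed scenario: the quantitative side computes single loss expectancy (SLE), annualized loss expectancy (ALE) and the cost-benefit of a control, while the qualitative side rates the same risk on a 5x5 likelihood-impact matrix. The SLE/ARO/ALE formulas and the matrix thresholds are common textbook conventions; the asset value, exposure factor, annual rate of occurrence, control cost and the two ratings are constructed sample figures, not data from the notes.

```python
"""Quantitative vs. qualitative risk assessment on the same scenario.

Added illustration; the numbers below are constructed sample figures.
"""

# --- Quantitative practice: numeric expectancy and cost-benefit ---------------

def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x exposure factor (fraction of the asset lost per incident)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure_factor must be a fraction in [0, 1]")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO, where ARO is the expected number of incidents per year."""
    if aro < 0:
        raise ValueError("aro cannot be negative")
    return sle * aro


def control_value(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Cost-benefit of a control: the ALE it removes minus what it costs per year.

    Positive means the control pays for itself; negative means it costs more
    than the risk it reduces and the risk may be cheaper to accept.
    """
    return (ale_before - ale_after) - annual_control_cost


def rank_by_ale(risks: dict[str, float]) -> list[str]:
    """Order named risks by ALE, highest first, for prioritization."""
    return sorted(risks, key=risks.get, reverse=True)


# --- Qualitative practice: ordinal ratings on a risk matrix --------------------

LEVELS = ("very low", "low", "medium", "high", "very high")


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Look up a 5x5 risk matrix using ordinal likelihood and impact levels.

    Levels are scored 1..5 and multiplied; the band thresholds are a common
    convention, not a standard, and would be set by the assessing team.
    """
    score = (LEVELS.index(likelihood) + 1) * (LEVELS.index(impact) + 1)
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


# --- Constructed scenario: a customer database exposed to a breach -------------

def assess_sample_scenario() -> dict:
    """Run both practices on constructed figures and return the results."""
    asset_value = 500_000.0        # constructed: replacement + regulatory + reputational value
    exposure_factor = 0.4          # constructed: 40% of value lost in one breach
    aro = 0.5                      # constructed: one breach expected every two years

    sle = single_loss_expectancy(asset_value, exposure_factor)
    ale = annualized_loss_expectancy(sle, aro)

    # Constructed control (e.g. encryption plus access restriction) cuts the
    # exposure factor to 10% for an assumed 30,000/year.
    sle_after = single_loss_expectancy(asset_value, 0.1)
    ale_after = annualized_loss_expectancy(sle_after, aro)
    value = control_value(ale, ale_after, annual_control_cost=30_000.0)

    # The same risk rated qualitatively by an assessor (constructed ratings).
    rating = qualitative_rating(likelihood="medium", impact="high")

    return {
        "sle": sle,
        "ale": ale,
        "ale_after_control": ale_after,
        "control_value": value,
        "qualitative_rating": rating,
    }


if __name__ == "__main__":
    for key, val in assess_sample_scenario().items():
        print(f"{key}: {val}")
```

The quantitative result says how much the control is worth in currency per year, which supports a cost-benefit decision; the qualitative result only ranks the risk in a band, which is faster but depends on the assessor's judgement. That is the distinction the two bullets above draw.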

6. Explain the professional issue commonly faced in the field of information security.

• Skill Gap: The industry often faces a shortage of skilled professionals.
• Rapid Technological Changes: Keeping up with fast-evolving technologies and threats.
• Ethical Dilemmas: Balancing privacy, surveillance, and security.
• Stress and Burnout: High-pressure environment leading to professional burnout.

7. What is the primary goal of risk assessment in information security?

• Identifying Potential Risks: Understanding the threats and vulnerabilities that could impact the organization.
• Evaluating Impact and Likelihood: Assessing the potential impact and likelihood of identified risks.
• Prioritizing Risks: Determining which risks need immediate attention and resources.
• Informing Risk Mitigation Strategies: Guiding the development of strategies to mitigate or accept risks.
