1. Define Information Security.
It is a well-informed sense of assurance that the information risks and controls are in balance.
3. What is Security?
Security is “the quality or state of being secure - to be free from danger”.
3. What are the multiple layers of Security?
4. What are the characteristics of CIA triangle?
5. What are the characteristics of Information Security?
6. What is E-mail Spoofing?
It is the process of sending an e-mail with a modified field.
7. What is UDP Packet Spoofing?
User Datagram Protocol (UDP) Packet Spoofing enables the attacker to get unauthorized access to data stored on computing systems.
8. What are the measures to protect the confidentiality of information?
- Secure document storage
- Application of general security policies
- Education of information end-users
9. What is Utility of information?
Utility of information is the quality or state of having value for some purpose or end.
10. What are the components of information system?
11. What are the functions of Locks & Keys?
Locks & Keys are the traditional tools of physical security, which restrict access to, and interaction with, the hardware components of an information system.
12. What is Network Security?
It is the implementation of alarm and intrusion systems to make system owners aware of ongoing compromises.
13. Differentiate Direct and Indirect attacks.
Direct Attack:
- It is when a hacker uses his personal computer to break into the system.
- Originates from the threat itself.
Indirect Attack:
- It is when a system is compromised and used to attack other systems, such as in a distributed denial of service attack.
- Originates from a system or resource that itself has been attacked and is malfunctioning or working under the control of a threat.
14. What is SDLC?
The Systems Development Life Cycle is a methodology for the design and implementation of an information system in an organization.
15. What is a methodology?
Methodology is a formal approach to solve a problem based on a structured sequence of procedures.
16. What are the phases of SDLC Waterfall method?
Maintenance & change.
17. What is enterprise Information Security Policy?
This policy outlines the implementation of a security program within the organization.
18. What is Risk Management?
It is the process of identifying, assessing and evaluating the levels of risk facing the organization.
19. What are the functions of Information Security?
- Protects the organization’s ability to function.
- Enables the safe operation of applications implemented on the organization’s IT systems.
- Protects the data the organization collects and uses.
- Safeguards the technology assets in use at the organization.
20. What is PKI?
Public Key Infrastructure is an integrated system of software, encryption methodologies and legal agreements that can be used to support the entire information infrastructure of an organization.
21. What is the use of Digital Certificates?
Digital Certificates are used to ensure the confidentiality of Internet Communications and transactions.
22. What is a Firewall?
A firewall is a device that keeps certain kinds of network traffic out of a private network.
23. What are caching network appliances?
Caching network appliances are devices that store legal copies of Internet content, such as web pages, that is frequently referred to by employees.
24. What are appliances?
Appliances display the cached pages to users rather than accessing pages from the server each time.
25. What is Security? What are the security layers a successful organization should have?
Security - “the quality or state of being secure - to be free from danger”; to be protected from adversaries.
- Physical security - protects physical items, objects or areas of the organization from unauthorized access and misuse.
- Personal security - involves protection of individuals or groups of individuals who are authorized to access the organization and its operations.
- Operations security - focuses on the protection of the details of particular operations or series of activities.
- Communications security - encompasses the protection of the organization’s communications media, technology and content.
- Network security - is the protection of networking components, connections, and contents.
- Information security - is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information.
Integrity means that data cannot be modified without authorization.
Components of an Information System
Subject of an attack: the computer is used as an active tool to conduct the attack.
Object of an attack: the computer itself is the entity being attacked.
Work with the information to perform their daily jobs supporting the mission of the organization.
An attack is an intentional or unintentional attempt to cause damage to or otherwise compromise the information and/or the systems that support it.
Risk is the probability that something can happen. In information security, it could be the probability of a threat to a system.
A security blueprint is the plan for the implementation of new security measures in the organization. Sometimes called a framework, the blueprint presents an organized approach to the security planning process.
A security model is a collection of specific security rules that represents the implementation of a security policy.
A threat is a category of objects, persons, or other entities that pose a potential danger to an asset. Threats are always present.
A threat agent is the specific instance or component of a threat.