Important Question Is



Page 1: Important Question Is

TWO MARKS

1. Define Information security.
2. What are the critical characteristics of information?
3. What are the components of an information system?
4. What are the approaches used for implementing Information security?
5. What are the three types of data ownership and their responsibilities?
6. What are threats?
7. What is malicious code?
8. What is the difference between a threat agent and a threat?
9. What is the difference between vulnerability and exposure?
10. What is Security SDLC?
11. What is the process of Risk Identification?
12. How are information assets classified?
13. Define Residual Risk.
14. Define Policy.
15. What is the Sphere of protection?
16. What is security Perimeter?
17. What are the different types of Access Control?
18. What are the Firewall tools?
19. What are the objectives of ISO 177799?
20. What are the different types of Intrusion Detection Systems?
21. What are Honey pots, Honey nets and Padded cell Systems?
22. Define Information Security and trace its history.
23. Explain NSTISSC security model with a diagram.
24. What are the threats to Information Security?
25. Who is a hacker? Differentiate unskilled hacker from Expert hackers.
26. What are the components of Risk Management?

Page 2: Important Question Is

1. Explain in detail the critical characteristics of Information Security.
2. Explain in detail Security System Development Life Cycle.
3. Explain in detail about threats and attacks.
4. Discuss in detail the Legal, Ethical and Professionalism issues during security investigation.
5. What is risk Management? State the methods of identifying and assessing risk management.
7. Discuss in detail the process of assessing and controlling risk management issues.
8. What is Contingency Planning? Explain the major steps in Contingency Planning.
9. Compare and contrast the ISO 17700 with BS7799 NIST security models.

Briefly explain the NIST Security Model.

Explain Cryptography and Access Control Devices in detail.

10. Explain IDS in detail.
11. Explain Scanning and Analysis Tools.