
1. Why do employees constitute one of the greatest threats to information security? (Make it short)

Employees are among the greatest threats because they are closest to the organisational data and have access to it by the nature of their jobs. They use it in everyday activities, so employee mistakes are a very serious threat to the confidentiality, integrity and availability of data. Such mistakes can easily lead to the disclosure of classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas, and failure to protect information.

2. What is residual risk?

Residual risk is the risk that remains after security measures and controls have been put in place.

3. What are the five elements of a business impact analysis?

● Executive sponsorship
● Understanding the organization
● BIA tools
● BIA processes
● BIA findings

4. How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?

Static vs dynamic filtering

• Static filtering uses rules that the administrator writes by hand (source and destination addresses, ports, protocol) and that stay in force until someone changes them. A port that must be open for replies is open all the time.
• Dynamic filtering (stateful inspection) starts from the same policy but creates and removes rules on its own: when an internal host opens a permitted connection, the filter records it and temporarily admits the matching return traffic, then closes that opening when the connection ends.
• Dynamic filtering is perceived to offer better security, because inbound traffic is accepted only when it belongs to a connection the filter has already seen, whereas a static filter must leave standing holes that an attacker can reach simply by choosing the right source port.
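The difference is easiest to see in code. The following is an added example written for these notes, not code from the original; it assumes a trusted network of 10.0.0.0/8, a policy that lets internal hosts open HTTP/HTTPS connections outward, and a short constructed packet trace (real packet headers carry more fields than this).

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed trusted network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True on the first packet of a new TCP connection


def _internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def _outbound_allowed(p):
    """Policy shared by both filters: internal hosts may open HTTP/HTTPS outward."""
    return _internal(p.src) and not _internal(p.dst) and p.dport in (80, 443)


class StaticFilter:
    """Rules are fixed by the administrator and never change at run time.
    To let replies to the permitted web traffic back in, the rule set must
    contain a permanent hole: any packet sourced from port 80/443 may reach
    any internal high port, whether or not a connection was ever opened."""

    def allow(self, p):
        if _outbound_allowed(p):
            return True
        if (_internal(p.dst) and not _internal(p.src)
                and p.sport in (80, 443) and p.dport >= 1024):
            return True  # the standing hole for replies
        return False


class DynamicFilter:
    """Same outbound policy, but the filter keeps a connection table. An
    inbound packet is admitted only if it is the reply half of a connection
    the filter saw being opened from inside; nothing is open permanently."""

    def __init__(self):
        self.connections = set()

    def allow(self, p):
        if _outbound_allowed(p):
            if p.syn:
                # remember the 4-tuple the reply will carry
                self.connections.add((p.dst, p.dport, p.src, p.sport))
            return True
        return (p.src, p.sport, p.dst, p.dport) in self.connections


TRACE = [  # constructed packets for the demonstration, not captured traffic
    Packet("10.0.0.5", 40000, "93.184.216.34", 80, syn=True),  # outbound web request
    Packet("93.184.216.34", 80, "10.0.0.5", 40000),            # the legitimate reply
    Packet("203.0.113.9", 80, "10.0.0.7", 2049),               # attacker sourcing from port 80 to reach an internal high port
    Packet("10.0.0.5", 40001, "93.184.216.34", 25),            # outbound SMTP, not permitted by policy
]


def run_trace(trace=TRACE):
    """Return (static_decision, dynamic_decision) for each packet in order."""
    static, dynamic = StaticFilter(), DynamicFilter()
    return [(static.allow(p), dynamic.allow(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (s, d) in zip(TRACE, run_trace()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  static={s}  dynamic={d}")
```

The third packet is the point of the exercise: the static filter admits it through the hole it needs for web replies, while the dynamic filter rejects it because no internal host ever opened that connection. A real stateful firewall also removes entries on FIN/RST or after a timeout, which this toy omits.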

5. How does a padded cell system differ from a honeypot?

A padded cell is a honeypot that has been protected so that it cannot be easily compromised; in other words, a padded cell is a hardened honeypot. In addition to attracting attackers with tempting data, a padded cell operates in tandem with a traditional IDS. When the IDS detects attackers, it seamlessly transfers them to a special simulated environment where they can cause no harm. The nature of this host environment is what gives the approach its name, padded cell.

6. What is a vulnerability scanner? How is it used to improve security?

Vulnerability scanners are automated tools that check networks, systems and applications for known security weaknesses that could expose them to attack, typically by probing services and comparing their versions and configurations against a database of known flaws.

They improve security by reporting missing patches and service packs, insecure configurations, known coding flaws in applications and exposed remote access services, so that administrators can fix the weaknesses before an attacker finds them. Scans should be repeated regularly, since new vulnerabilities are published continuously and a scan only reflects the state of the system at the time it ran.

7. What is network footprinting and fingerprinting?

Footprinting is the reconnaissance phase: collecting publicly available information about a target's network, such as its domain names, IP address ranges, name servers, mail servers and public-facing hosts, from sources like DNS, WHOIS records and the organisation's own web presence.

Fingerprinting follows footprinting and probes the discovered hosts to identify what is running on them: the operating system and its version, the network services and their versions, software applications, back-end databases, configurations, and possibly even the network's architecture or topology.

Together, the purpose is to accumulate as much information as possible about the target before any attack is attempted; defenders use the same techniques to see what an outsider can learn about their network.
8. What are the three basic operations in cryptography?
Encrypting, decrypting, and hashing are the three basic operations in
cryptography.

9. What are the six components of PKI?

● Public key
● Private key
● Certificate Authority
● Certificate store
● Certificate Revocation List
● Hardware Security Module

10. What are six major characteristics of information?

● Availability/accessibility
● Accuracy
● Reliability or objectivity
● Relevance/appropriateness
● Completeness
● Level of detail/conciseness

11. What is risk management? Why is the identification of risks, by listing assets and their vulnerabilities, so important to the risk management process? Explain different risk control strategies.

Risk management is the process of identifying risks to an organisation's information assets, assessing how likely and how damaging they are, and deciding which controls to apply to reduce them to an acceptable level. Identification comes first because a risk that has not been listed cannot be assessed or controlled: the organisation must know what assets it has, what they are worth, and which vulnerabilities each one has before it can decide where to spend a limited security budget.

Risk control strategies

● Apply safeguards (avoidance, also called defense): implement controls that remove or reduce the vulnerability.
● Transfer the risk (transference): shift it to another party, for example by outsourcing the function or buying insurance.
● Reduce impact (mitigation): plan for the event so that its damage is limited, through incident response, disaster recovery and business continuity planning.
● Understand consequences and accept risk (acceptance): take no further action beyond documenting the decision, because the cost of controls would exceed the expected loss.
12. What are different continuity/contingency plans? How do you determine when to use which plan?

Unfortunately for managers, the probability that some form of attack will occur, whether from inside or outside, intentional or accidental, human or non-human, annoying or catastrophic, is very high. Thus, managers from each community of interest within the organisation must be ready to act when a successful attack occurs. Contingency planning prepares three plans for this:

● Incident response plan: the actions taken while an incident is in progress, to detect, contain and recover from it. It is used as soon as an incident is detected.
● Disaster recovery plan: the actions taken when an incident escalates into a disaster, that is, when it cannot be contained and the primary site or systems become unusable. It focuses on restoring operations at the primary site.
● Business continuity plan: the actions taken when the primary site cannot be restored within an acceptable time, so that critical business functions continue at an alternate site.

Which plan applies is determined by the severity of the event: incident response escalates to disaster recovery when the incident cannot be contained, and to business continuity when the disaster prevents operations at the primary site.
13. a. How do screened host architectures for firewalls differ from screened subnet firewall architectures? Which of these offers more security for the information assets that remain on the trusted network?
b. How does a signature-based IDPS differ from an anomaly-based IDPS?

14. Compare private key cryptography with public key cryptography. Explain AES.

Cryptography is the science of secret writing, used to keep data secret. It is classified into symmetric cryptography, asymmetric cryptography and hashing.

Private key (symmetric) cryptography:
The same secret key is used for both encryption and decryption, so a copy of the key must be shared with every party that needs to decrypt the ciphertext; distributing that key securely is the main difficulty. Symmetric algorithms are much faster than public key algorithms, so they are used for bulk data encryption.

Public key (asymmetric) cryptography:
Two mathematically related keys are used. One key (the public key) encrypts the plaintext into ciphertext and the other (the private key) is used by the receiver to decrypt it. The public key can be published freely; only the private key must be kept secret. This solves the key distribution problem at the cost of much slower operations, so in practice a public key algorithm is used to exchange a symmetric session key and the symmetric algorithm encrypts the data.

The most widely adopted symmetric encryption algorithm today is the Advanced Encryption Standard (AES). It has been measured to be at least six times faster than Triple DES.

A replacement for DES was needed because its 56-bit key was too small: with increasing computing power it became vulnerable to exhaustive key search. Triple DES was designed to overcome this drawback but was found to be slow.

The features of AES are as follows:

● Symmetric-key block cipher
● 128-bit block size, 128/192/256-bit keys
● Stronger and faster than Triple DES
● Full specification and design details are public

In present-day cryptography, AES is widely adopted and supported in both hardware and software. To date, no practical cryptanalytic attack against the full AES has been found. Additionally, AES's choice of key lengths gives a degree of future-proofing against progress in the ability to perform exhaustive key searches. Note that AES by itself only encrypts one 128-bit block; it must be used in a mode of operation (preferably an authenticated mode such as GCM) to protect messages of arbitrary length and to detect tampering.

15. What is the difference between digital signatures and digital certificates? Explain the signing and verification process of a digital signature.

Digital signature

A digital signature is a technique that verifies the authenticity of a digital document: a particular value, computed from the message, is attached to it and acts as a signature.

Signing: the sender computes a hash of the message and encrypts that hash with the sender's private key; the result is the signature, which is sent along with the message.
Verification: the receiver decrypts the signature with the sender's public key to recover the hash, independently computes the hash of the received message, and compares the two. If they match, the message came from the holder of the private key and has not been altered in transit.

The signature therefore ensures the source (authentication and non-repudiation) and the integrity of the message.

Digital certificate

A digital certificate is a computer file that helps establish an identity. It binds the holder of the certificate (the user) to a particular public key, and is itself digitally signed by a Certificate Authority that vouches for the binding. Thus a digital certificate includes the user's name, the user's public key and the CA's signature. This proves that a certain public key is owned by a particular user, which is what a receiver needs before trusting a signature verified with that key.
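The signing and verification steps above, as an added example written for these notes rather than code from the original. It uses a toy RSA key built from two hand-picked Mersenne primes (assumed values, chosen only so the arithmetic runs with the standard library) and SHA-256 from hashlib; the message is constructed. Real systems must use 2048-bit or larger keys generated by a vetted library with proper padding, never primes like these.

```python
import hashlib

# Toy RSA parameters (assumed): p and q are the Mersenne primes 2^31-1 and 2^61-1,
# e = 65537 is coprime to (p-1)(q-1). Far too small and too special for real use.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def generate_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi); needs Python 3.8+
    return (n, e), (n, d)


def _digest_int(message, n):
    """Hash first: the signature covers a fixed-size SHA-256 digest, reduced mod n
    only because this toy modulus is smaller than 256 bits."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Signing: encrypt the message hash with the private key."""
    n, d = private_key
    return pow(_digest_int(message, n), d, n)


def verify(public_key, message, signature):
    """Verification: decrypt the signature with the public key and compare it
    with a freshly computed hash of the received message."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message, n)


if __name__ == "__main__":
    pub, priv = generate_keypair()
    msg = b"Transfer 100 EUR to account 12345"  # constructed message
    sig = sign(priv, msg)
    print(verify(pub, msg, sig))                                     # genuine: True
    print(verify(pub, b"Transfer 900 EUR to account 12345", sig))   # altered message: False
    print(verify(pub, msg, sig + 1))                                 # altered signature: False
```

The two failing checks are the point: changing a single character of the message changes the hash, so the recovered hash no longer matches; and without the private key nobody can produce a signature that decrypts to the right hash. Distributing `pub` is what the digital certificate is for.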
16. a. What are the types of password attacks? What can a systems administrator do to protect against them?

Dictionary attack

An attack that takes advantage of the fact that people tend to use common words and short passwords. The attacker uses a list of common words, the dictionary, and tries them, often with numbers before and/or after the words, against each username in the company.

Brute force

Using a program to generate likely passwords or even every possible character combination. These attacks start with commonly used, weak passwords like Password123 and move on from there. The programs running these attacks usually try variations on upper- and lowercase characters as well.

Traffic interception

In this attack, the cyber criminal uses software such as packet sniffers to
monitor network traffic and capture passwords as they’re passed. Similar to
eavesdropping or tapping a phone line, the software monitors and captures
critical information.

Man In the Middle

In this attack, the hacker’s program doesn’t just monitor information being
passed but actively inserts itself in the middle of the interaction, usually by
impersonating a website or app. This allows the program to capture the
user’s credentials and other sensitive information, such as account
numbers, social security numbers, etc.

Keylogger attack

A cyber criminal manages to install software that records the user's keystrokes, enabling the criminal to gather not only the username and password for an account but exactly which website or app the user was logging into with the credentials.
Social engineering attacks

Social engineering attacks refer to a broad range of methods to obtain information from users. Among the tactics used are:

● Phishing: emails, texts, etc. sent to fool users into providing their credentials, clicking a link that installs malicious software, or going to a fake website.
● Spear phishing: similar to phishing but with better crafted, tailored emails/texts which rely on information already gathered about the users. For example, the attacker may know that the user has a particular type of insurance account and reference it in the email, or use the company's logo and layout to make the email seem more legitimate.
● Baiting: attackers leave infected USB drives or other devices in public or employer locations in the hope that they will be picked up and used by employees.
● Quid pro quo: the cyber criminal impersonates someone, such as a helpdesk employee, and interacts with a user in a way that requires getting information from them.

What a systems administrator can do: enforce a password policy that rejects dictionary words and short passwords; store passwords only as salted, slow hashes (for example PBKDF2) so that a stolen password file resists dictionary and brute force attacks; limit failed login attempts by lockout or rate limiting to stop online guessing; require multi-factor authentication so that a captured password alone is not enough; make sure credentials travel only over encrypted channels such as TLS, which defeats traffic interception and most man-in-the-middle attacks; keep endpoints patched and monitored so keyloggers are caught; and train users to recognise phishing and other social engineering.
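Three of those protections, as an added example written for these notes and not code from the original: salted PBKDF2 hashing, a constant-time check, and a failed-attempt lockout, with a small dictionary attack run against the stored hash to show what the attacker is up against. The iteration count, lockout threshold and word list are assumed values, and the word list is constructed; production deployments use a far higher work factor and a real wordlist is millions of entries.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000        # assumed PBKDF2 work factor, kept low so the demo runs fast
LOCKOUT_THRESHOLD = 5      # assumed limit on consecutive failed logins per account


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, slow hash. The per-user random salt defeats precomputed tables,
    and the iteration count makes every offline guess as expensive as a login."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def check_password(password, salt, digest, iterations=ITERATIONS):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time, no timing leak


class LoginService:
    """Online guessing defence: count failures per account, lock after a threshold."""

    def __init__(self, users):
        self.users = users      # username -> (salt, digest)
        self.failures = {}

    def login(self, username, password):
        if self.failures.get(username, 0) >= LOCKOUT_THRESHOLD:
            return "locked"
        salt, digest = self.users[username]
        if check_password(password, salt, digest):
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"


WORDLIST = ["password", "letmein", "Password123", "summer2024", "welcome"]  # constructed


def dictionary_attack(salt, digest, wordlist=WORDLIST, iterations=ITERATIONS):
    """Offline attack on a stolen hash: each word plus the simple mutations the
    notes describe (capitalised, digit or symbol appended, digit prepended).
    Returns the recovered password or None."""
    for word in wordlist:
        for candidate in (word, word.capitalize(), word + "1", word + "!", "1" + word):
            if check_password(candidate, salt, digest, iterations):
                return candidate
    return None


if __name__ == "__main__":
    weak = hash_password("letmein1")
    strong = hash_password("correct horse battery staple")
    print(dictionary_attack(*weak))    # letmein1: found despite the slow hash
    print(dictionary_attack(*strong))  # None: not in the list, so the attacker must brute force
    svc = LoginService({"alice": weak})
    for _ in range(LOCKOUT_THRESHOLD):
        print(svc.login("alice", "wrong"))      # denied ... denied
    print(svc.login("alice", "letmein1"))       # locked: even the right password is refused
```

The slow hash does not stop a dictionary attack on a weak password; it only makes each guess cost the same as one PBKDF2 call, which is why the password policy and the lockout matter as much as the storage format. The lockout shown here is deliberately simple; real deployments also consider attacker-triggered lockouts of legitimate users and prefer rate limiting plus alerting.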

b. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?

In a DoS attack a single system, running DoS tools, floods the target with requests or exploits a flaw to make the service unavailable. Because only one source is involved, the attack is limited by that machine's bandwidth and can be blocked easily by filtering its address.

In a DDoS attack the attacker first compromises many devices (a botnet) and directs all of them to attack the target at the same time, from many locations. The combined traffic is far greater, and the attack is difficult to block because the packets arrive from thousands of different addresses, many of them otherwise legitimate hosts.

DDoS is therefore more dangerous: it delivers much more traffic, and blocking any one source does not stop it.

17. Write short notes on

a. PDCA cycle for ISO 27001 based Information Security Management System (ISMS) implementation.

ISO/IEC 27001:2013 (also known as ISO 27001) is the international standard that sets out the specification for an information security management system (ISMS). Its best-practice approach helps organisations manage their information security by addressing people and processes as well as technology.

PDCA (Plan, Do, Check, Act) is the framework of many IT management standards. The ISO 2700x family of standards for information security management is an implementation of PDCA that is also very relevant for privacy management.

1. In the Plan phase, the business objectives are identified, management support is obtained and the scope of the ISMS is defined. Risk analysis methods are chosen, and an inventory of assets at risk with ranked risk assessments is produced.
2. The Do phase manages the risks by generating a treatment plan for them, allocating budgets, training staff and creating policies.
3. The Check phase monitors the implementation of the security management activities, measures their effectiveness, and possibly prepares for certification of the results.
4. The Act phase carries out re-assessment audits that evaluate the overall outcome of the corrective actions and then initiates a new round of the cycle with corrective input, if necessary.

b. Factors of Authentication

One of the first steps of access control is the identification and authentication of users. There are three common factors used for authentication:

● Something you know (such as a password)

The something you know factor is the most common factor used and can be a password or a simple personal identification number (PIN). However, it is also the easiest to beat, because it can be guessed, phished or captured.

● Something you have (such as a smart card)

The something you have factor refers to items such as smart cards or hand-held tokens. A smart card is a credit-card sized card with an embedded certificate used to identify the holder; the user inserts the card into a smart card reader to authenticate. A hand-held or software token instead generates a one-time code that the user types in.

● Something you are (such as a fingerprint or other biometric method)

Biometric methods provide the something you are factor of authentication. Some of the biometric methods that can be used are fingerprints, hand geometry, retinal or iris scans, handwriting, and voice analysis.

Multi-factor authentication combines factors of different types, so that an attacker who defeats one (for example, a phished password) still cannot log in.
