CW3551
DATA AND INFORMATION SECURITY
COURSE OUTCOMES
At the end of this course, the students will be able to:
CO1 Understand the basics of data and information security
CO2 Understand the legal, ethical and professional issues in information security.
CO3 Understand the various authentication schemes to simulate different applications
CO4 Understand various security practices and system security standards
CO5 Understand the Web security protocols for E-Commerce applications
TEXT BOOKS
1. Michael E Whitman and Herbert J Mattord, “Principles of Information Security”, Course Technology, 6th Edition, 2017.
2. Stallings William, “Cryptography and Network Security: Principles and Practice”, Seventh Edition, Pearson Education, 2017.
REFERENCE BOOKS
1. Harold F. Tipton, Micki Krause Nozaki, “Information Security Management Handbook”, Volume 6, 6th Edition, 2016.
2. Stuart McClure, Joel Scambray, George Kurtz, “Hacking Exposed”, McGraw-Hill, Seventh Edition, 2012.
3. Matt Bishop, “Computer Security: Art and Science”, Addison Wesley Reprint Edition, 2015.
4. Behrouz A Forouzan, Debdeep Mukhopadhyay, “Cryptography and Network Security”, 3rd Edition, McGraw-Hill Education, 2015.
UNIT I
INTRODUCTION
PART - A
Q. No Questions CO Mapping BT Level Complexity
1. What is information security? CO1 Understand Medium
2. What are the critical characteristics of information? CO1 Understand Medium
3. Define NSTISSC security model. CO1 Remember Low
4. What are the main components of an information system? CO1 Understand Medium
5. How do you secure the components of an information system? CO1 Understand Medium
6. Differentiate balance between security and access. CO1 Understand Medium
7. Define the Security SDLC and explain its importance in information security. CO1 Remember Low
8. What is the role of the SDLC in maintaining information security throughout development? CO1 Understand Medium
9. Differentiate the relationship between information security and system design. CO1 Understand Medium
10. What are the key goals when balancing security and access in an information system? CO1 Understand Medium
11. Why is there a need for a strong security model in an organization? CO1 Understand Medium
12. What are the steps involved in securing each component of an information system? CO1 Understand Medium
13. How can the SDLC framework contribute to information security practices? CO1 Understand Medium
14. What are some challenges in balancing security with user accessibility? CO1 Understand Medium
15. How does the SDLC security model differ from the traditional SDLC? CO1 Understand Medium
PART - B
Q. No Questions CO Mapping BT Level Complexity
1. Discuss the evolution of information security and its importance in modern systems. CO1 Understand Medium
2. What is Information Security? Explain its significance in today’s digital world. CO1 Understand Medium
3. Explain the critical characteristics of information in the context of information security. CO1 Understand Medium
4. Describe the NSTISSC Security Model and how it ensures the confidentiality, integrity, and availability of data. CO1 Understand Medium
5. Illustrate briefly about SDLC waterfall Methodology and its relation in respect to information security. CO1 Analyze High
6. Explain about the CIA (or) Infer about information security project team and NSTISSC Security Model. CO1 Understand Medium
7. Analyze the methodology which plays major role in the implementation of information security. How does a methodology improve the process? CO1 Analyze High
8. Explain about critical characteristics of an information Security. CO1 Understand Medium
UNIT II
SECURITY INVESTIGATION
PART - A
Q. No Questions CO Mapping BT Level Complexity
1. Why is security a fundamental need for modern organizations? CO2 Understand Medium
2. What are the major legal issues related to information security? CO2 Understand Medium
3. How do ethical issues impact information security policies? CO2 Understand Medium
4. What are some key threats to computer systems and how can they be mitigated? CO2 Understand Medium
5. What is a Security Policy and why is it essential in organizations? CO2 Understand Medium
6. Differentiate between confidentiality, integrity, and hybrid security policies. CO2 Understand Medium
7. How do security policies differ for different types of sensitive data? CO2 Understand Medium
8. What is the role of professional ethics in ensuring information security? CO2 Understand Medium
9. How do confidentiality policies differ from integrity policies in information security? CO2 Understand Medium
10. What are the potential consequences of legal and ethical violations in information security? CO2 Understand Medium
11. Define Private and Public Law. CO2 Remember Low
12. Mention the types of Law. CO2 Remember Low
PART - B
Q. No Questions CO Mapping BT Level Complexity
1. Illustrate which management groups are responsible for implementing information security to protect the organization’s ability to function. Depict Access control architecture for e-commerce Company by assuming roles and responsibilities. List and explain about the Computer security policies. CO2 Analyze High
2. Describe the types of computer security. CO2 Understand Medium
3. Illustrate the types of attacks and threats of an information system. CO2 Analyze High
4. Explain about the Laws, ethical and professional issues. CO2 Understand Medium
5. How do hybrid policies combine elements of confidentiality and integrity? CO2 Understand Medium
6. Analyze how legal, ethical, and professional issues impact the design of security policies in organizations. CO2 Analyze High
7. Analyze the Access Control Matrix model and its application in securing information systems. CO2 Analyze High
8. Examine the role of business needs in shaping an organization’s security policies. CO2 Analyze High
9. Discuss the ethical implications of inadequate security measures in organizations. CO2 Understand Medium
UNIT III
DIGITAL SIGNATURE AND AUTHENTICATION
PART - A
Q. No Questions CO Mapping BT Level Complexity
1. What is a digital signature and how does it work? CO3 Understand Medium
2. What are the requirements of a good authentication protocol? CO3 Understand Medium
3. What is the process of generating a digital signature? CO3 Understand Medium
4. How does X.509 directory service work in authentication? CO3 Understand Medium
5. What is Kerberos and how does it provide secure authentication? CO3 Understand Medium
6. What are the main differences between digital signature standards (DSS)? CO3 Understand Medium
7. What is the role of hashing algorithms in digital signatures? CO3 Understand Medium
8. List the application of digital signatures in e-commerce. CO3 Remember Low
9. How is authentication performed using X.509 certificates? CO3 Understand Medium
10. What is the role of authentication in securing sensitive information? CO3 Understand Medium
PART - B
Q. No Questions CO Mapping BT Level Complexity
1. Describe digital signature algorithm and show how signing and verification is done using DSS. Provide example for the same. CO3 Understand Medium
2. Explain the format of the X.509 certificate. Provide any one real time case study for the use of X.509. CO3 Understand Medium
3. Explain about the MAC and HMAC algorithm. CO3 Understand Medium
4. Describe the MD5 and SHA algorithm. CO3 Understand Medium
5. Explain in detail about the working principle of Kerberos (or) Applications of digital signature. CO3 Understand Medium
6. Examine the role of business needs in shaping an organization’s security policies. CO3 Analyze High
7. Analyze the Access Control Matrix model and its application in securing information systems. CO3 Analyze High
8. How do hybrid policies combine elements of confidentiality and integrity? CO3 Understand Medium
UNIT IV
E-MAIL AND IP SECURITY
PART - A
Q. No Questions CO Mapping BT Level Complexity
1. What is PGP and how does it secure email communications? CO4 Understand Medium
2. What is the role of key management in PGP? CO4 Understand Medium
3. How does the S/MIME standard ensure secure email communication? CO4 Understand Medium
4. What are the ESP and AH protocols in IP security? CO4 Understand Medium
5. How does IPSec provide end-to-end security for IP communication? CO4 Understand Medium
6. Draw an architecture of IPSec. CO4 Create High
7. What are the main differences between the ESP and AH protocols? CO4 Understand Medium
8. What is the concept of a security association in IPSec? CO4 Understand Medium
9. How does key management function in IPSec? CO4 Understand Medium
10. Define trust model in PGP. CO4 Remember Low
11. What are the main challenges in securing email communications? CO4 Understand Medium
12. What is the role of email security in ensuring data confidentiality? CO4 Understand Medium
13. Mention the benefits and limitations of S/MIME in email security. CO4 Remember Low
PART - B
Q. No Questions CO Mapping BT Level Complexity
1. Discuss the architecture of email security and the importance of encryption in email communication. CO4 Understand Medium
2. Explain the PGP (Pretty Good Privacy) protocol and its role in securing email communications. CO4 Understand Medium
3. How does key management in PGP impact its overall security? CO4 Understand Medium
4. Explain the trust model in email security and its importance in ensuring secure communication. CO4 Understand Medium
5. Discuss the S/MIME protocol and its role in email security. CO4 Understand Medium
6. Describe the ESP and AH protocols in IPSec and their role in ensuring IP security. CO4 Understand Medium
7. Explain the modes of IPSec and their application in securing IP communication. CO4 Understand Medium
8. Discuss the concept of a security association in IPSec and its significance. CO4 Understand Medium
UNIT V
WEB SECURITY
PART - A
Q. No Questions CO Mapping BT Level Complexity
1. What are the primary objectives of Secure Sockets Layer (SSL)? CO5 Understand Medium
2. How does SSL establish a secure communication channel? CO5 Understand Medium
3. What is the role of SSL in e-commerce transactions? CO5 Understand Medium
4. What is the role of secure electronic transactions (SET) in online payments? CO5 Understand Medium
5. How does SET ensure secure online transactions? CO5 Understand Medium
6. What entities are involved in SET processing? CO5 Understand Medium
7. What is SET? CO5 Understand Medium
8. Define Transport Layer Security (TLS). CO5 Remember Low
9. How is SSL used to protect web applications from security vulnerabilities? CO5 Understand Medium
10. What role does SSL play in securing online communications for e-commerce sites? CO5 Understand Medium
11. List the advantages and limitations of SSL in securing web communication. CO5 Remember Low
12. How does the SET model contribute to consumer trust in e-commerce transactions? CO5 Understand Medium
PART - B
Q. No Questions CO Mapping BT Level Complexity
1. Discuss about Concepts of Web Security. CO5 Understand Medium
2. Explain about SSL architecture and SSL secure Communications protocols. CO5 Understand Medium
3. How has the perception of the hacker changed over recent years? Compose the profile of a hacker today by depicting the violated techniques, algorithms and security protocols. CO5 Understand Medium
4. Describe the working of SET with neat diagrams and elaborate its role in transaction Processing. CO5 Understand Medium
5. How do Secure Sockets Layer (SSL) and Transport Layer Security (TLS) ensure secure communication? CO5 Understand Medium
6. Discuss the architecture and objectives of SSL in the context of web security. CO5 Understand Medium
7. Analyze how Transport Level Security (TLS) improves over SSL in securing web transactions. CO5 Analyze Medium
THANK YOU
ALL THE BEST