Unit 5 Test QP ESSS

This document is a test question paper for the course CB3591 – Engineering Secure Software Systems for the academic year 2025-2026. It consists of two parts: Part A with five short answer questions and Part B with two detailed questions, covering topics such as secure project management, security frameworks, and governance in software projects. The total marks for the test are 25, with a time limit of 75 minutes.

Uploaded by mohanapriya

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING (CS)

UNIT 5 TEST QUESTION


Academic Year 2025-2026 (Odd Semester)

Course Code/Name: CB3591 – Engineering Secure Software Systems Date: 01.11.2025


Year/Semester: III /V Total: 25 Marks
Time: 75 Minutes

ANSWER ALL QUESTIONS PART A (5X2=4)

| S.No | Questions | Level | CO |
|------|-----------|-------|----|
| 1. | What are the key objectives of secure project management? | UN | 5 |
| 2. | List the benefits of adopting a security framework. | RE | 5 |
| 3. | Define maturity of practices. | RE | 5 |
| 4. | What is the role of security policy in project management? | UN | 5 |
| 5. | Mention the significance of stakeholders' involvement in secure project management or development. | UN | 5 |

ANSWER ALL QUESTIONS PART B (1X15=15)

| S.No | Questions | Level | CO |
|------|-----------|-------|----|
| 1. | Explain the key components of an enterprise software security framework. How can an organization adopt such a framework? (8) | AN | 5 |
| 2. | Explain the role of governance in secure software projects. How does effective governance contribute to overall software security? (7) | AN | 5 |

Signature with Date HoD/CSE(CS)

ANSWER KEY

PART A – (5 × 2 = 10 Marks)

1. What are the key objectives of secure project management?

Objectives include: (Any 2 points × 1 mark each)


• Ensuring security requirements are integrated into project planning and execution.
• Minimizing risks and vulnerabilities throughout the software development lifecycle.
• Establishing compliance with standards, policies, and regulations.
• Protecting confidentiality, integrity, and availability of project deliverables.

2. List the benefits of adopting a security framework.

Benefits include: (Any 2 points × 1 mark each)


• Provides a structured approach to managing security.
• Enhances consistency and repeatability of security practices.
• Helps in meeting regulatory and compliance requirements.
• Reduces risks and improves overall system security posture.

3. Define maturity of practices. (2 marks)

Definition: Maturity of practices refers to the level of development, efficiency, and standardization of processes within an organization. It indicates how well processes are documented, repeatable, optimized, and continuously improved.

4. What is the role of security policy in project management? (2 marks)

• Security policy provides guidelines and rules for protecting project assets. It defines
roles, responsibilities, acceptable practices, and standards to be followed by the project team.
5. Mention the significance of stakeholders’ involvement in secure project management.
(Any 2 points × 1 mark each)
• Ensures proper understanding of security requirements.
• Helps in resource commitment, decision-making, and resolving conflicts.
• Supports effective risk management and promotes accountability.

PART B – (1 × 15 = 15 Marks)

1. Explain the key components of an enterprise software security framework. How can an
organization adopt such a framework? (8 Marks)

Key components (Any 4 components × 1.5 marks each = 6 marks)

• Security Policies and Standards
• Risk Assessment & Threat Modeling
• Secure Development Lifecycle (SDLC)
• Access Control & Identity Management
• Security Testing and Code Review
• Incident Response & Recovery
• Compliance and Auditing

Adoption steps (Any 2 points × 1 mark each = 2 marks)

• Conduct security gap analysis.
• Establish governance and assign roles.
• Train development and security teams.
• Integrate security controls into SDLC.
• Continuously monitor, review, and improve.

Total = 8 Marks

2. Explain the role of governance in secure software projects. How does effective governance
contribute to overall software security? (7 Marks)
Role of governance (Any 4 points × 1 mark = 4 marks)

• Ensures alignment of security goals with business objectives.
• Establishes roles, responsibilities, and accountability.
• Provides oversight and monitoring throughout the project lifecycle.
• Ensures compliance with standards and regulations.

Contribution to software security (Any 3 points × 1 mark = 3 marks)

• Reduces risks by enforcing security practices uniformly.
• Ensures timely identification and mitigation of vulnerabilities.
• Promotes transparency, documentation, and decision-making.
• Improves trust and reliability of the software.

Total = 7 Marks
