THEORY EXAMINATION (SEM–VI) 2016-17 INFORMATION SECURITY AND CYBER LAWS
INFORMATION SECURITY AND CYBER LAWS (EIT505)
SECTION – A
(Attempt All | 10 × 2 = 20 Marks)
(a) Need of Digital Signature
A digital signature is used to ensure authentication, integrity, and non-repudiation of electronic documents. It confirms that the message is sent by a genuine sender and has not been altered.
(b) Difference Between Worm and Virus
A virus requires a host file and spreads by user action, whereas a worm is a self-replicating program that spreads automatically over networks without human intervention.
(c) Trojan Horse
A Trojan horse is a malicious program disguised as legitimate software. It does not replicate itself but creates backdoors or steals sensitive information.
(d) Need of Information Security
Information security protects data from unauthorized access, misuse, disclosure, modification, or destruction, ensuring confidentiality, integrity, and availability.
(e) Database Security
Database security refers to protecting databases from unauthorized access, data breaches, and cyber-attacks using access control, encryption, and auditing techniques.
(f) Importance of Cyber Security
Cyber security protects systems, networks, and data from cyber threats, financial loss, and identity theft, and ensures trust in digital systems.
(g) Encryption
Encryption is the process of converting plaintext into ciphertext using an algorithm and key to protect data from unauthorized access.
(h) Why Information Security Is Needed
Information security is needed to protect sensitive data, maintain privacy, prevent data loss, and ensure business continuity.
(i) Security Issues in Hardware
Hardware security issues include physical theft, tampering, hardware Trojans, side-channel attacks, and lack of proper access control.
(j) Symmetric vs Asymmetric Key Algorithms
Symmetric key algorithms use the same key for encryption and decryption, while asymmetric key algorithms use public and private key pairs.
SECTION – B
(Attempt Any Five | 5 × 10 = 50 Marks)
(a) Firewall and Its Types
A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predefined rules.
Types of Firewalls:
Packet Filtering Firewall
Stateful Inspection Firewall
Application-Level Gateway
Circuit-Level Gateway
Next-Generation Firewall
Firewalls protect networks from unauthorized access and attacks.
(b) CCTV and Its Applications
Closed-Circuit Television (CCTV) is used for surveillance and monitoring.
Applications:
Security monitoring
Crime prevention
Traffic control
Workplace safety
Public area surveillance
(c) Application Development Security
Application development security involves integrating security practices throughout the software development life cycle (SDLC).
It includes secure coding, input validation, authentication, authorization, testing, and vulnerability assessment to prevent attacks like SQL injection and XSS.
(d) Information Security Governance and Risk Management
Information security governance defines policies, roles, and responsibilities for protecting information assets.
Risk management involves identifying threats, assessing risks, implementing controls, and continuous monitoring to reduce security risks.
(e) Ethical and Legal Issues in Software Piracy
Software piracy involves unauthorized copying or distribution of software.
Ethical issues include violation of intellectual property rights, while legal issues include penalties, fines, and imprisonment under copyright laws.
(f) Steps in Developing an Information System
Steps include:
Requirement analysis
System design
Development
Testing
Implementation
Maintenance
Security considerations must be included at every stage.
(g) Security Architecture and Design
Security architecture defines the structure of security controls such as firewalls, IDS, authentication mechanisms, and encryption systems.
A layered approach ensures defense-in-depth and minimizes security risks.
(h) Physical Security and Its Basic Tenets
Physical security protects hardware, buildings, and people.
Basic Tenets:
Access control
Surveillance
Environmental controls
Alarm systems
Physical barriers
SECTION – C
(Attempt Any Two | 2 × 15 = 30 Marks)
3) Security Threats to E-Commerce
E-commerce systems face threats such as:
Phishing
Identity theft
Credit card fraud
Malware attacks
Denial of Service (DoS)
Man-in-the-middle attacks
Types of Threats:
Technical threats
Financial threats
Privacy threats
Legal threats
Security measures include encryption, digital signatures, SSL, firewalls, and secure payment gateways.
4) Provisions of IT Act, 2000
Key Provisions:
Legal recognition of electronic records and digital signatures
Regulation of Certifying Authorities
Cyber crimes and penalties
Data protection and privacy
Adjudication and appellate tribunals
Advantages:
Promotes e-commerce
Provides legal framework for cyber activities
Enhances trust in digital transactions
Limitations:
Limited coverage of emerging cyber crimes
Jurisdictional issues
Need for regular updates
5) Short Notes
(i) WWW Policy
Defines acceptable use, access control, and security guidelines for web resources.
(ii) E-mail Security Policy
Specifies rules for email usage, spam control, encryption, and protection against phishing.
(iii) Information Security Process
Includes risk assessment, implementation of controls, monitoring, and continuous improvement.
(iv) Patent Law
Protects inventions and grants exclusive rights to inventors for a fixed period.
(v) Copyright Law
Protects original literary, artistic, and software works from unauthorized use or copying.