(SEM V) THEORY EXAMINATION 2018-19 CYBER SECURITY

CYBER SECURITY (RUC-501)

B.Tech (SEM-V) – AKTU                                                       Time: 3 Hours  Total Marks: 70

SECTION A

(Attempt all questions in brief – 2 × 7 = 14 marks)

Q1 (a) Write a short note on the Copyright Act.

The Copyright Act provides legal protection to creators of original works such as books, software, music, films, and artistic works. It gives exclusive rights to reproduce, distribute, and display the work. In cyber security, copyright law helps protect software and digital content from piracy and unauthorized use.

Q1 (b) What do you mean by physical security for information systems?

Physical security refers to the protection of hardware, facilities, and physical infrastructure of information systems from unauthorized access, damage, or theft. It includes access control, surveillance, locks, fire protection, and environmental controls.

Q1 (c) Describe Intellectual Property Rights (IPR).

Intellectual Property Rights are legal rights that protect creations of the human mind such as inventions, software, trademarks, and artistic works. IPR encourages innovation by giving creators exclusive rights to use and commercialize their creations.

Q1 (d) Write short notes on Patent Law.

Patent law grants exclusive rights to inventors for new, useful, and non-obvious inventions for a limited period. It prevents others from making, using, or selling the invention without permission, thus promoting technological development.

Q1 (e) What do you mean by WWW policy?

WWW policy defines rules and guidelines for the acceptable use of web resources within an organization. It covers internet usage, access restrictions, content guidelines, and security measures to prevent misuse and cyber threats.

Q1 (f) Give small notes on Corporate Policy.

Corporate policy is a set of rules and guidelines defined by an organization to regulate employee behavior, data usage, security practices, and compliance. It helps maintain discipline, security, and legal compliance.

Q1 (g) Differentiate between Cyber Security and Information Security.

Cyber security focuses on protecting systems, networks, and data from cyber attacks over digital platforms.
Information security focuses on protecting information in all forms—digital, physical, or verbal—from unauthorized access and misuse.

SECTION B

(Attempt any three – 7 × 3 = 21 marks)

Q2 (a) What are the key differences between Symmetric and Asymmetric encryption?

Symmetric encryption uses the same key for encryption and decryption. It is faster and suitable for large data transfer but faces key distribution issues.
Asymmetric encryption uses a public key for encryption and a private key for decryption. It is more secure for key exchange but slower than symmetric encryption.

Q2 (b) Explain Information Security Governance in detail and process involved in Risk Management.

Information Security Governance ensures that security strategies align with organizational goals. It involves defining security policies, roles, and responsibilities.
Risk management includes risk identification, risk assessment, risk mitigation, and continuous monitoring to reduce security threats.

Q2 (c) Explain briefly about Application Development Security with guidelines.

Application Development Security ensures secure coding practices during software development. Guidelines include input validation, secure authentication, encryption, regular testing, and vulnerability assessment to prevent attacks like SQL injection and cross-site scripting.

Q2 (d) Elaborate the term Access Control. What is included in authorization process for files, programs, and data rights? Explain types of controls.

Access control restricts access to systems and data based on user identity. Authorization defines what actions a user can perform on files, programs, and data.
Types of controls include discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC).

Q2 (e) What do you understand by security structure (Architecture) and design?

Security architecture defines the overall structure of security controls in an organization. It includes network design, authentication mechanisms, encryption methods, and monitoring systems to ensure layered protection.

SECTION C

(Attempt any one – 7 × 1 = 7 marks)

Q3 (a) Explain Access Control in detail with its models and importance.

Access control is a fundamental security mechanism that ensures only authorized users can access resources. It involves authentication, authorization, and accountability.

Common access control models include:

Discretionary Access Control (DAC): Owner decides access rights

Mandatory Access Control (MAC): System-enforced access rules

Role-Based Access Control (RBAC): Access based on user roles

Access control prevents unauthorized access, protects sensitive data, and ensures compliance with security policies.