Attempt all the questions.
Section-A
Question1) How could Service Level Agreement (SLA) provide a safeguard for Internet or web hosting services?
Question2) Briefly describe components of an information system and their security. How would you balance security and access.
Question3) What kind of controls might be implemented by a firewall to restrict access to an Intranet from outside the network? Describe with examples.
Question4) Write brief notes on:
(a) Risk management methodology
(b)Vulnerabilities in an IT system
Section-B
Case Study:Threat Tree
Background:
Suppose there is a Social Department of Municipality of New Delhi divided into three subgroups: the Financial Section, the Children’s and Family Section and the Custody and Non-Institutional Care Section. There are about 40 employees in the organization. The major activity of social department is to investigate reports and applications directed to (IFO) Individual and Family Care to determine what contributions are needed to be made for the client. like institutional care or a contact person. There is no information security policy documented. The employees are allowed to bring laptops and their unfinished work home. As the department is handling sensitive information about e.g. addicts, incest case and recipients of social assistance, the question of the confidentiality is significant. The personnel have no education in information security. Decisions are made when a situation arises, but they are only verbal agreements. This can endanger both the integrity and confidentiality of the client. The information is a huge security concern.
What you have to do:
State any assumptions you might make. Work out an Information Threat Tree for the organization.