Top-down approach to security implementation


Attempt all the questions.

Section-A

Question 1) Write brief notes on:

a)  VISA Security Model

b)  RADIUS and TACACS.

c)  CISO

Question 2) Describe in detail the cryptography and encryption based solutions.

Question 3) a) What do you understand by the top-down approach to security implementation? Give its advantages.

b) What is Cost Benefit Analysis?

Question 4) What is an Intrusion Detection System (IDS)? Describe the different reasons for using an IDS and the various terminologies associated with IDS.

Section-B

Case Study: INFORMATION SECURITY MANAGEMENT

The following case material contains excerpts of some burning issues relating to information security concerns by several stakeholders.
Using the banking industry as a point of reference, detail how you will, as a consultant whose services have been engaged for five (5) weeks, create a comprehensive security plan that addresses several concerns and at the same time transforms your client’s organisation into a more customer-driven organisation undergirded by a robust security system.

Issues to address should not only include information management concepts and tools, but also look at governance and standards, business continuity, leadership and compliance among others. References must be made to current best/good practices in other organisations, particularly banks and other finance-related establishments like insurance, mortgage and fund management firms.

A full professional report must be produced at the end of this consultancy exercise.

Call centre workers in Bristol who face having their jobs transferred to India have voted to go on strike.

The workers, who deal with Direct Debits for the TV Licence Authority, are taking action over plans by Capita to transfer 35 jobs.
Capita won the franchise to operate call centres in Temple Street and the Pithay in the city in 2002.

The Communications Workers Union said it wanted talks with Capita. The strike would be held in the week of 22 January.

Banking information

Communication Workers Union spokesman Kevin Beazer told BBC News: "It's about 35 jobs but they won't give any commitment that there will not be further work going abroad.

"We've tried to move this forward but now members have balloted 96% to take industrial action.
"We do not feel people's personal banking information would be secure in India."

Nationwide building society says it is tightening security after the theft of an employee's laptop containing customer information.
Security experts have raised fears that the company's 11m customers may have been put at risk of …..

WASHINGTON - State Department employees snooped through the passport files of three presidential candidates — Sens. Barack Obama, Hillary Rodham Clinton and John McCain — and the department's inspector general is investigating.

State Department spokesman Sean McCormack said violations of McCain and Clinton's passport files were not discovered until Friday, after officials were made aware of the unauthorized access of Obama's records and a separate search was conducted.
The incidents raise questions ……

Two new payment systems remove the risk of giving credit card details online, but if the banks will not play ball the hackers will pounce
Two new systems claim to make it easier and safer to shop online, by letting you pay for goods directly from your bank account without having to hand over card details. But experts are warning consumers not to be "lulled into a false sense of security".

The POLi and eWise systems, launched this month, offer the option to pay directly from a bank account at supporting online retailers' checkout pages. Shoppers selecting the option are automatically taken to their bank's log-in page where, after they have manually logged in, a page appears on which the necessary payment fields are "pre-populated" with the correct amount and the retailer's bank account details.
Once the consumer has accepted the purchase, the funds are transferred and the retailer is given a confirmation code so they can ship the goods.

Without access to the banks, the crux of the potential security risk each system poses is that users need to download software to allow POLi and eWise to fill out payment forms on their behalf. While POLi requires users to download a Microsoft .Net application for the payment, eWise requires users to download an ActiveX program (which will only run in Internet Explorer, on Windows).

Systematic Failings

Few dispute the fact that the loss of two CDs holding 25m child benefit records, followed by 3m learner drivers' details, has far-reaching implications for the transformational government programme. The erosion of trust in the security of public sector IT has dampened, if not eroded, fervor among officials and acceptance by the public of the need for large-scale data sharing.

A full professional report should be produced at the end of this consultancy exercise. In addition to the above case material and scenarios, you are expected to do the following:

Provide an evaluative account of information management practices in the financial services sector, in particular you must:

• Identify and investigate problems relating to information security in the financial services sector.

• Identify critical success factors for effective information management, with particular reference to information security.

• Critically discuss the future of information management in the financial services sector, with the growing consciousness of information security.
