Information security & audit

Dec 13, 2013

Case studies


1. For a bank portal, as more users are added, response time gets longer. The EDP Manager is perplexed as to whether the system can cope with many more users without a noticeable increase in response time. He cannot determine whether the problem is hardware-based or server-software-based. He asks you to assist him in identifying the problem and suggesting a solution. Explain the measures you would undertake to trace and resolve the above case.


2. A Software Company has lodged a complaint alleging that some of its former employees accessed and tampered with the vital data of the company. As the IT head, suggest steps to investigate it. Also suggest controls to avoid the same in the future.


3. With continuing security concerns for airport operations, the protection of the internal operational protocols of an international airport has become more critical than ever before. Therefore, the Information Security System (ISS) was developed, which can protect the critical information related to airport operations. The ISS can securely protect the computer system at the airport by:

- Performing real-time encoding of the users who accessed the protected files and folders.

- Limiting the user’s capability to edit the protected documents.

- Blocking the user’s access to portable storage devices.

- Inserting security watermarks on the printed outputs.

As a system analyst, specify the additional threats and security for the Airport System.


4. An International Library has decided to perform open transactions. The Library will be fully computerised with a web based application. No human assistant will operate it for issue/return transactions. A Biometric System will be used for accessing the Library and CCTV will be fitted inside the stack room.
As a system analyst, suggest a specific biometric system and also suggest a security policy for the application software.


5. Super BPO Company is a company providing customer care and phone banking facilities. Its main customers are some of the biggest banks of the USA. It employs 200 BPO executives who have access to all the financial and personal data and credit card information of nearly 1 million clients of these banks.
You have been appointed as the security administrator and have been assigned the work of studying the possible security lapses which might occur.
(a) What are the different types of threats and vulnerabilities you might find in this BPO Company?
(b) Give your recommendations so as to control these threats.


6. Intellectual Property Theft:
The complainant (a Software Company based in Bangalore) alleged that some of the company’s former employees had accessed the company’s IT System and tampered with the Source Code of the Software under Development.
(a) What precaution was not taken by the organisation to prevent it? What is your suggestion in this regard?
(b) Write down the steps to investigate and suggest the required internal control on this.


Solve the following

1. What are the different types of information? Add a note on information systems.

2. What are the threats to infrastructure security?

3. Discuss in brief the block diagram of information security.

4. Discuss the basics of information security and its evolution.

5. Define Information Security. Explain the role of Security in the Internet.

6. Explain the need for Physical Security. What are the different types of Physical Threats and what are the measures to counter them?

7. Explain the different types of Biometric Controls that can be used for Information System Security.

8. Discuss the role of the Incident Response Team (IRT) in an Information Security Mechanism.

9. What are the various security considerations for a mobile workforce?

10. “Wired or Wireless Network is secured.” Comment.

11. Discuss in brief the need for VPN and its Security Issues.

12. What do you understand by the terms ‘Encryption’, ‘Private Key Encryption’ and ‘Public Key Encryption’? Create a Sample Password Policy for an Organisation.

13. What are Intrusion Detection Systems (IDS)?

14. While protecting your data through Bluetooth, what security precautions are you applying? Explain.

15. Define and explain Enterprise Application Integration (EAI).

16. Discuss the SSE-CMM Model in detail.

17. Explain security models and frameworks.

18. Explain the ISO network management model in detail.

19. What is Risk? Explain the steps involved in Risk Management.

20. Explain the need for IS Audit. What are the goals achieved by IS Audit?

21. Describe the Evidence Collection and Evaluation Methods in detail.

22. Define Audit Controls. Explain Application and Management Control.

23. Describe the role of the Database Administrator in the Auditing Process.

24. What are the Physical and Logical Security aspects of IS Assets that an Auditor should Audit in an Organisation?

25. What do you mean by Computer Crimes? Elaborate the different types of Crimes.

26. Explain in detail the major pillars of Information Security.

27. What is IPR? Explain various approaches regarding it.

28. Explain in detail Disaster Recovery planning.




Write short notes

1. BCP
2. Trojan Horse
3. Steering Committee
4. ISACA
5. E-commerce
6. Digital Signature
7. Technical attacks
8. Layers of information security
9. Biometric Controls
10. Ethical Issues for Information Security
11. Intrusion Detection System
12. Security of E-mail System
13. Role of Internet in Global Information System
14. Technological Impact on Data Privacy
15. Firewall and its types
16. Copyright Act
17. Disaster Recovery Planning
18. Security of E-mail System
19. Sarbanes-Oxley Act
20. COBIT
21. Database Security
22. Cryptographic Techniques
23. Access controls
24. Benefits of security risk analysis
25. Privacy issues in web services

Software Development

ADVANCED JAVA

Solve the following:


1. List EJB Session Bean Lifecycle Methods.

2. What is UDP?

3. Write about the Interfaces used in JDBC.

4. What’s the difference between the sendRedirect() and forward() methods?

5. Write code to call a stored procedure using JDBC.

6. Write down the Socket and ServerSocket class constructors.

7. What is the RMI Registry?

8. Difference between GenericServlet and HttpServlet.

9. Life Cycle Methods of a Bean.

10. Write the Statement object hierarchy used in JDBC.

11. Write the difference between TCP and UDP.

12. What is BMP? Explain in brief.

13. What is the signature of the service method in a servlet?

14. What are jsp:forward and jsp:include?

15. How are cookies created and their values set?

16. What are the different Statements used in JDBC?

17. Which methods are supported by these Statements?

18. What are the different rules for writing a simple bean?

19. What is URL? List any four methods.

20. List any four methods of ResultSetMetaData.

21. List any four interfaces involved in JavaMail.

22. What is a Port Number?

23. What are Cookies?

24. What is a Deployment Descriptor?


Solve the following

1. Write an application to accept Customer Details on an HTML page and send them to a servlet. The servlet will insert the record in the Customer table after validating the credit limit. If the credit limit is above 5,00,000, display an error message, otherwise insert the record in the table.
Customer: CustomerID, Name, Address1, Address2, City, State, PIN, Credit Limit.

2. Create a bean that will calculate the square and cube of a given number. Use the bean in a JSP program. Accept a number from the user and display the square and cube of that number.

3. Write program segments:
(a) To get the row count from a table.
(b) To declare a function in JSP using a JSP Expression.
(c) To register an OUT parameter with data type string.
(d) To create a DatagramPacket to send to a specified address and port number.
(e) To retrieve information from cookies in a Servlet.

4. Write a threaded echo Server-Client Socket Program.

5. Write an RMI application to invoke a remote method to reverse a given string.

6. Write a Servlet Application to accept a movie name from the user through an HTML page. Display the movie details and the names of theaters and timeslots where the movie is showing. If the movie is not currently showing anywhere, display the message "Movie Not Available now !"
Use Tables:
Movie: MovieId, Mname, Casting, Launch Date, Director, Musician
MovieDisplay: Serialno, MovieId, Theater, Timeslot, DisplayStatus (could be showing or not showing)

7. Write an Employee bean containing eno, ename, dept, salary attributes and a calculated Commission(float percentage) method.

8. Write a JSP Application to use this Employee bean. Accept details from an HTML page, set the values for the Employee bean and display the calculated commission in the client's browser.

9. Write a Multithreaded Server-Client Chat Application using Sockets.

10. Write a JDBC Application to insert records in the movie table. Continue insertions as long as the user wants.
Use Tables:
Movie: MovieId, Mname, Casting, Launch Date, Director, Musician
MovieDisplay: Serialno, MovieId, Theater, Timeslot, DisplayStatus (could be showing or not showing)

11. Write a JSP Application using JSTL to display the cubes of the first 30 natural numbers in tabular form. The table should contain the number and its cube.

12. Write a Socket Program that runs on the Server and echoes back all the strings sent by the Client after receiving each string. If the Client sends the string EXIT, the Server should terminate.

13. Write an RMI program to accept a number and display its factorial value using the remote method fact().

14. Write a Servlet with the following specification: the Servlet will accept user name, password and foreground colour and display a ‘hello’ message in the accepted colour.

15. Write a program that will open the department table and allow the user to insert, modify and delete records from the table. (Take a suitable table structure.)
Write a JDBC program to establish a connection to the “student” table with the following structure:
(Roll_No, Stud_Name, Course, fees_paid)
Accept Stud_Name from the command line and display the details of that student (using a prepared statement).

15. Write an RMI application:
a) Write a remote interface named MyRmi which contains the following method:
int findLargest (int a, int b, int c)
b) Write code to link this interface to the MyImp class.
c) Start the RMI Server.
d) Write client side code to invoke the remote method.

16. Write a JSP application to accept an item number from the user through an HTML page and display the description, available quantity, rate and cost of the available quantity from the underlying table. The ITEM table has ITEMCD, DESCRIPTION, QUANTITY, RATE fields.

17. Explain the working of RMI with the help of a suitable example.

18. Write a socket program for a client that will send a sentence to the server. The server will count the number of characters, special characters and digits in the sentence and send the counts as a single string to the client. The client program will display the string passed from the server as output.

19. Write a servlet program to display the department wise employee list and department wise total salary in the client's browser. Given tables: (DEPT: DeptNo, Dname, Dloc); (EMP: EmpNo, Ename, DeptNo, Salary).

20. Write an EJB component to display user details. The Browser client sends a user name to the EJB. Through the bean, retrieve the record of that user from the underlying database and display the details in the client browser. (Assume suitable data.)
Remote Interface
Home Interface
Implementation Class
ejb-jar.xml File
Client Program

21. Write a Java program to count the number of vowels in a given file. Accept the filename from the command line.

22. Write a program for chatting between client and server.

23. Write a client server networking program to accept a string from the user and pass it to the server; the server will send a response whether the string is a palindrome or not.

24. Write a program for a multithreaded chat application.

25. Write an RMI program to accept a number and display the prime numbers up to the given number by using the method Primeno().



Write short notes:

1. JNDI
2. Session Tracking in Servlets
3. RMI Architecture
4. JSP Directives
5. Java Beans
6. MVC Architecture
7. Servlet life cycle
8. RMI Architecture
9. Types of drivers in JDBC
10. Types of EJBs
11. Struts’ MVC Architecture
12. JNDI Interfaces and Methods
13. Working of RMI
14. JSP Include and Forward
15. JDBC architecture
16. ServletConfig and ServletContext
17. Difference between GenericServlet and HttpServlet
18. JSP actions
19. JSTL
20. Struts
21. Hibernate
22. ORM
23. HQLEclipse architecture
24. DynaAction class
25. LazyAction class

ASP.NET

1. Explain ASP.NET Architecture in detail.

2. What is State Management? Explain Client Side State Management Techniques in detail.

3. Explain various Validator Controls in detail.

4. Create and explain the web.sitemap file, and use it by making use of the TreeView control.

5. Explain Exception handling in ASP.NET.

6. Explain how Session Management is done in ASP.NET.

7. Explain Authentication and Authorization of a User.

8. Explain the ADO.NET Object Model in detail.

9. Explain Server Side State Management Techniques in detail.

10. Explain the methods, properties and events of the following controls:
(a) CheckBoxList Control
(b) ImageMap Control
(c) SiteMap Control

11. What is a Web Service? Explain the steps and code to create and consume a Web Service.

12. Differentiate between ASP and ASP.NET.

13. Difference between Authentication and Authorization.

14. Differentiate between connected and disconnected architecture in ADO.NET.

15. What are the different mechanisms to trace an ASP.NET web application? How would you configure ASP.NET trace output?

16. What are Web Services? Explain with an example.



Explain the following controls

(a) Login Control
(b) DropDownList Control
(c) TreeView Control
(d) ListBox Control
(e) AdRotator Control
(f) ImageMap Control
(g) FileUpload Control
(h) Login Control
(i) CheckBoxList Control
(j) RadioButtonList Control
(k) Calendar Control
(l) CheckBox Control
(m) GridView




Write short notes:

(a) ImageMap Control
(b) Web Services
(c) ADO.NET Object Model
(d) Site Map
(e) Exception Handling
(f) Web Services
(g) Authentication and Authorisation
(h) Deploying a Web Application
(i) Namespace
(j) HTML and Web server controls
(k) Data bound controls in ADO.NET
(l) Data source controls in ASP.NET
(m) Transaction object in ADO.NET
(n) Xcopy
(o) Advantages of ASP.NET


Program

Hint: students must study in brief the programs based on ADO.NET.

1. Design a form and write code to:
(a) Add New Record
(b) Delete Selected Record
(c) Edit Selected Record
(d) Use GridView Control to Display Records
Make use of connected architecture.
Name of Table: Books (BookId, BookName, Author, Price, Publisher)

2. Create a theme for TextBox, Buttons and GridView. Apply the theme using the web.config file.

3. Design a GUI and write code for the following:
(a) Add New Record
(b) Delete Record
(c) Edit Record
(d) Use Disconnected Architecture
Table Name - Student (sno, sname, sdob, qualification, address)
SQL Server - College
Server Name - UOP

4. Design a GUI for a login page. Make use of a database to validate the user login. Display a welcome page for successful login and an error page if login failed.

5. Write Sectional Code for the following:
(a) Disable the past dates and Sundays in a Calendar control.
(b) Create an application using the FileUpload Control which will upload your photo and display it in an Image control. The file type must be image only and the file size should not exceed 1 MB.

6. Design a form and write code to:
(a) Populate and display book names in a drop down list.
(b) Select a book from the drop down list and display its details in the underlying text boxes.
(c) Add a record
(d) Delete Selected Record
(e) Edit Selected Record
Use connected architecture.
Name of Table: BookMaster (BookID, Title, Author, Publisher, Price)
Name of Server: MyAspDB (SQL Server)

7. Design a form and write code to:
(a) Add New Record
(b) Delete Selected Record
(c) Edit Selected Record
(d) Use GridView Control to Display Records
Make use of disconnected architecture.
Name of Database: Employee
Name of Table: EMP (EmpId, EmpName, DOB, salary)
Server name: UOP

8. Create a web.sitemap file. Explain it and use it by making use of the TreeView and SiteMapPath controls; draw a proper GUI.

9. Design a GUI for a login page using Label, TextBox and Button controls. Display a welcome page for successful login, else an error page. Make use of a valid database to validate the user login.

10. Design an interface and write code for the following:
- Add a new record
- Delete a record
- Edit a record
- Use GridView to display records
- Use connected architecture
Name of Database: Inventory
Name of Table: Product (Product ID, Desc, Rate, Stock)
Server: SQL Server
Server Name: ABCD

11. Design an interface and write code for a shopping cart application:
- Take a drop down list to display products.
- Display the product rate in a label when the product is selected.
- Accept Quantity in a textbox and add it to the cart when the add button is clicked.
- Display the order on the next page when the display order button is pressed.
Use table:
Name of Table: Product (Product ID, Desc, Rate, Stock)

Software Testing

Software quality assurance

1. Define Software Quality. Describe the need and importance of Quality.

2. Explain the Contribution of Deming and Juran.

3. Explain the Software Testing Life Cycle.

4. Explain British Standard 7799 for Information Security.

5. What are the various Testing Methods used to Test Web Based Applications?

6. Explain Software Configuration Management.

7. What is a Service Level Agreement? Explain its importance.

8. Define Software Quality. Explain Quality Attributes.

9. Explain the Concept of SCM from a Quality Point of View.

10. Discuss Quality and Productivity. Explain in detail the Concept of COQ.

11. Explain in detail the important features of CMM.

12. Why is quality training required for a Software Quality Team?

13. What is meant by Defect Management? What are the processes used in this?

14. “Quality Metrics is important in the Software Development Organisation.” Justify.

15. Why is Software Quality required in the Software Development Process? Explain.

16. What is the use of SEI-CMM Level for a Software Organisation? Explain CMM Level-3 in detail.

17. Define the following terms with example:
(a) Bug
(b) Defect
(c) Audit

18. Explain the ‘V’ Model in Software Testing. Give an example.

19. Explain the terms in short:
(a) Load Testing
(b) Stress Testing
(c) α and β Testing (Alpha and Beta)

20. Role of the Customer in Quality. Define Quality. Describe the need and importance of Quality.

21. Explain the Consumer’s View and Producer’s View about Quality.

22. Explain various Testing and Defect Tracking Tools.

23. Explain Unit Testing in detail.

24. Compare and contrast Black and White Box Testing Methods of Software Testing.

25. What are Software Quality Control and Software Quality Assurance? Explain SQA in detail.

26. Explain the various factors considered while setting up a Computer Centre.

27. What do you mean by Risk? Explain Software Project Risk Management in detail.

28. Describe various Software Project Time Estimation Tools, with suitable illustration.

29. Explain in detail the various steps, methods and documentation process of User Acceptance Testing.

30. Explain the procedure followed and care taken while terminating a person in an IT organisation.



Write short notes:

1. Risk Management
2. Code Review
3. Cause and Effect Diagram
4. Kaizen Principles
5. PDCA
6. Test Automation Tools
7. Process Inventory
8. KPA
9. Quality Control
10. Black Box Testing
11. Acceptance Testing
12. Inspection
13. Management Controls
14. Service Level Agreement
15. Function point analysis
16. COCOMO
17. Walkthrough

SOFTWARE TESTING PROCESS & DOCUMENTATION

1. What is Test Data? What are its norms?

2. Write Test Cases for a Washing Machine.

3. Define Software Quality. Describe reasons for Poor Quality. Explain reasons for Product Quality and Process Quality.

4. What is Software Testing? What is its need? Explain the levels of Testing.

5. What is Functional Testing? Explain various types of Functional Testing.

6. Prepare BVA and ECP for the login window scenario below:
(a) User-id: allow alphanumerics 4 to 16 characters long
(b) Password: allow alphabets 4 to 8 characters long

7. Write test cases for a Student Registration Validation Program with the following fields: student_username, student_password, confirm_password, student_email and student_course.

8. What is a Review? What is its purpose? Explain different types of Reviews.

9. What is a Test Plan? Explain the IEEE Standard for Test Plans. Define Quality Assurance and Quality Control. Support your answer with the ‘V’ Model of Software Testing.

10. Define Risk. Explain Risk-based Testing.

11. Explain the various factors considered while setting up a Computer Centre. What do you mean by Risk? Explain Software Project Risk Management in detail.

12. Describe various Software Project Time Estimation Tools, with suitable illustration.

13. Explain in detail the various steps, methods and documentation process of User Acceptance Testing.

14. Explain the procedure followed and care taken while terminating a person in an IT organisation.

15. Explain Software Project Maintenance in detail.

16. What is Testing? Explain Functional and Non-functional Testing.

17. Write test cases for an ATM Money Withdrawal Operation with the necessary rules and regulations.

18. What is Defect Management? How is it important? Explain the Process of Defect Reporting and Tracking.

19. Describe Unit Level Testing and Integration Testing in detail with suitable examples.

20. What is White Box Testing? Explain various White Box Testing Techniques with example.

21. What is a Test Plan? List down the contents of a Test Plan.



Write short notes:

1. Types of Defect Management
2. Test Automation
3. TMM
4. Black Box Versus White Box Testing
5. COTS
6. Agile Testing
7. Software Implementation
8. Version Control
9. Software Testing
10. QA vs QC
11. Wireless / Mobile Computing Applications
12. Static vs Dynamic Testing
13. Manual vs Automated Testing