MBA IT

107 – INFORMATION SECURITY

1. What is information security and privacy?

While the information security refers to the protection of information stored, processed and
transmitted to comply with the functions and purposes of the information systems in an organization,
the privacy of information is related to the protection of the information related to a subject's identity.
Similarly, the security of information is an important tool to protect information assets and business
objectives, while privacy is focused on the safeguarding of individual’s rights when it comes to the same
information.

2. Give short notes on encryption and decryption?

The method of disguising plaintext data in such a way as to hide its substance is called encryption. Data
that can be read and understood without any special measures is called a plaintext. Encryption is used
to hide information from anyone for whom it is not intended. Encrypting plaintext results into
unreadable format called ciphertext. The process of reverting ciphertext back to its original plaintext
format is called decryption.

3. Define secure?

A cryptosystem is secure if the best-known attack requires as much work as an exhaustive key search,
that is there is no short cut attack. By this definition, a secure cryptosystem with a small number of keys
could be easier to break than an insecure cryptosystem with a large number of keys. It is theoretically
possible to break such a system, but it is infeasible to do so by any known practical means. These
schemes are therefore termed computationally secure.

4. what is project VENONA?

VENONA project is a real-world example of using one-time pad. In 1930s and 1940s, soviet spies
entering united states bought one-time pad keys with them. The spies used these keys to encrypt
important messages, which were then send back to Moscow. The VENONA project was a united states
counter-intelligence program initiates during this time. It was intended to decrypt messages transmitted
by the intelligence agencies of the Soviet Union Among 3000 such messages only a small fraction of
which were ever decrypted.

5. What is DES?

The Data Encryption Standard is known as DES. The design of DES is based on Lucifer cipher, a Feistel
cipher developed by IBM. DES works by using the same key to encrypt and decrypt a message, so both
the sender and receiver must know and use the same key to decrypt electronic data. In future DES has
been suspended by the more secure AES (Advanced Encryption Standard) algorithm.

© RANJIX : MAY 23, 2019 PAGE 1 OF 9

MBA IT
107 – INFORMATION SECURITY

6. Name various cryptanalytic techniques?

There are various advanced cryptanalytic techniques; some of them are as given below:

a) Linear and differential cryptanalysis – Both linear and differential cryptanalysis was developed
to attack DES. Linear cryptanalysis is a known plaintext attack in which cryptanalyst access larger
plaintext and ciphertext messages along with an encrypted unknown key. Differential
cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to
stream ciphers and cryptographic hash functions.
b) A side-channel attack on RSA – In a side-channel attack, an attacker steals secret information
from unusual channels, by attacking a cipher without directly attacking the algorithm.
c) The lattice reduction attack on the knapsack – Knapsack-type cryptosystems were among the
first public-key cryptographic schemes to be invented and are high speed in
encryption/decryption which made them very attractive.
d) Hellman’s time-memory trade-off attack on DES – In a time-memory trade-off, or TMTO, the
objective is to balance one-time work the result of which is stored in "memory" with the "time"
required when the algorithm is executed. It is a general technique that can be applied to
improve the performance of many different algorithms.

7. What do you mean by multi-lateral security?

Multilateral security concepts define security policies according to rule sets for all parties concerned and
it is sometimes referred to as “policy-based security”. They can express security rules between
individuals or roles along the same "level". It is concerned with the implementation of security between
users, computer systems and processes on the same clearance level and models the relationships of
systems to each other with respect to security issues.

8. What is firewall?

A firewall is a network security device that monitors incoming and outgoing network traffic and decides
whether to allow or block specific traffic based on a defined set of security rules. A firewall can be
hardware, software, or both. Its purpose is to establish a barrier between your internal network and
incoming traffic from external sources (such as the internet) in order to block malicious traffic like
viruses and hackers. They are an integral part of a comprehensive security framework for your network.

9. Give short notes on Risk Assessment Management?

Risk Assessment deals with the understandings about the external and internal threats to an
organization’s information assets and the vulnerabilities of its current systems and processes. Risk
Management is the application of the principles of risk management and aims to manage the risks that
come with the ownership, involvement, operation, influence, adoption and use of IT as part of a larger
enterprise.

© RANJIX : MAY 23, 2019 PAGE 2 OF 9

MBA IT
107 – INFORMATION SECURITY

10. What is double transportation cipher?

A transposition cipher is a method of encryption by which the positions held by units of plaintext are
shifted according to a regular system. A double transposition is simply a columnar transposition applied
twice to make it stronger than single columnar transposition where the attacks are made by guessing
possible column lengths, writing the message out in its columns, and then looking for possible
anagrams. The same key can be used for both transpositions, or two different keys can be used.

11. What is classic crypto? Explain simple substitution cipher?

Classic Crypto

In cryptography, a classical cipher is a type of cipher that was used historically but now has fallen, for the
most part, into disuse. In contrast to modern cryptographic algorithms, most classical ciphers can be
practically computed and solved by hand. However, they are also usually very simple to break with
modern technology. The term includes the simple systems used since Greek and Roman times, the
elaborate Renaissance ciphers, World War II cryptography such as the Enigma machine and beyond.

Simple Substitution Cipher

The simple substitution cipher is a cipher that has been in use for many hundreds of years. It basically
consists of substituting every plaintext character for a different ciphertext character.

A substitution cipher takes each letter in a plaintext and replaces it with another letter. The simplest
substitution ciphers are monoalphabetic substitution ciphers. A monoalphabetic substitution cipher uses
the letters of a single alternative alphabet to replace the ordinary letters. A given letter is always
replaced by the same letter.

The simple substitution cipher offers very little communication security, and it will be shown that it can
be easily broken even by hand, especially as the messages become longer.

Example:

Example of the encryption and decryption steps involved with the simple substitution cipher.

• The text we will encrypt is 'DEFEND THE EAST WALL OF THE CASTLE'.

Keys for the simple substitution cipher usually consist of 26 letters (compared to the caeser cipher's
single number). An example key is:
Plain A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Alphabet
Cipher P H Q G I u M E A Y L N O F D X J K R C V S T Z W B
Alphabet

Such a table shows the replacements that will be made. This one shows that the letter 'A' will be
replaced by the letter 'P', the letter 'B' will be replaced by the letter 'H', and so on.

© RANJIX : MAY 23, 2019 PAGE 3 OF 9

MBA IT
107 – INFORMATION SECURITY

An example encryption using the above key:

Plain Text DEFEND THE EAST WALL OF THE CASTLE

Cipher Text GIUIFG CEI IPRC TPNN DU CEI QPRCNI

Each letter is always replaced by the same substitute, so in a simple substitution you should find the
same frequencies as in plain English (assuming that the original message was written in English). It is just
that they are attached to the wrong letters. In plain English the five most common letters are 'E T A O N'
and these represent about 45% of all text. In a simple substitution, therefore, the five most common
letters ought to be the substitutes for 'E T A O N' and represent about 45% of the text. Likewise the nine
most common letters, which ought to be the substitutes for 'E T A O N I S R H', should represent over
70% of the text; and the five least common letters, which ought to be substitutes for 'J K Q X Z', should
represent less than 2% of the text.

In plain English some combinations of letters are very common and are bound to be repeated in a
message of any length. In fact, there are many words which are so common that they are bound to be
repeated. In a simple substitution, therefore, there should be many repeated sequences of letters,
which represent the common combinations of letters and words in plain English.

Sometimes you will find a ciphertext with the frequency distribution of a simple substitution but without
the repeated sequences. In this case, you are probably dealing with a combination of simple substitution
and transposition.

12. Explain stream ciphers

A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and
algorithm are applied to each binary digit in a data stream, one bit at a time. This method is not much
used in modern cryptography. The main alternative method is the block cipher in which a key and
algorithm are applied to blocks of data rather than individual bits in a stream.

A stream cipher encrypts an arbitrary length of plain text, one bit at a time, with an algorithm that uses
a key. For this form of encryption to remain secure, its pseudorandom cipher digits should be
unpredictable and the key should never be used more than once. The pseudorandom cipher digits are
generated through a number of random seed values that use digital shift registers. The encryption of
each digit is dependent on the current state of the cipher, warranting the name state cipher for this. RC4
is a popular stream cipher that is widely used in software.

Stream ciphers can encrypt plaintext messages of variable length. The one-time pad can be thought of
as an example – each message uses a portion of the key with length equal to the length of the plaintext
message. (Then that portion of the key is never re-used.)

The ideas that resulted in modern stream ciphers originated with another AT&T Bell Labs engineer,
Gilbert Vernam (1890 – 1960). In 1917, Vernam developed a scheme to encrypt teletype transmissions.
Unlike Morse code, which uses symbols of different lengths to substitute for letters of the alphabet,

© RANJIX : MAY 23, 2019 PAGE 4 OF 9

MBA IT
107 – INFORMATION SECURITY

teletype transmission used what we would today call a 5-bit code for the letters of the alphabet and
certain keyboard commands.

The Vernam Cipher is based on the principle that each plaintext character from a message is 'mixed'
with one character from a key stream. Vernam developed his encryption scheme during the early
Twentieth Century, he was not thinking about 5-bit strings of 1’s and 0’s; he was thinking about cross 'x'
or dot '.', mark or no mark, low voltage or high voltage, etc., but today it is easiest to think of 1’s or 0’s.

Thinking this way, Vernam’s encryption scheme can be easily described. The key was a random string of
0’s and 1’s. The plaintext message was converted to a string of 0’s and 1’s using ITA2. The two strings
were XORed to generate the ciphertext. Pattern (plaintext) plus (⊕) random (key) yields random
(CIPHERTEXT).

Modern stream ciphers: Modern stream ciphers operate much the same as Vernam’s original cipher.
They are not one-time pads; their key strings are pseudorandom. Because the XOR operation and the
methods used to generate key strings are not complex operations, stream ciphers are typically faster
than block ciphers. Stream ciphers are often used in situations (for example, wireless communications)
in which the length of the plaintext message is not known beforehand.

13. Give notes on intrusion detection

Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and
issues alerts when such activity is discovered. It is a software application that scans a network or a
system for harmful activity or policy breaching. Any malicious venture or violation is normally reported
either to an administrator or collected centrally using a security information and event management
(SIEM) system. A SIEM system integrates outputs from multiple sources and uses alarm filtering
techniques to differentiate malicious activity from false alarms.

Although intrusion detection systems monitor networks for potentially malicious activity, they are also
disposed to false alarms. Hence, organizations need to fine-tune their IDS products when they first
install them. It means properly setting up the intrusion detection systems to recognize what normal
traffic on the network looks like as compared to malicious activity.

Intrusion prevention systems also monitor network packets inbound the system to check the malicious
activities involved in it and at once sends the warning notifications.

Classification of Intrusion Detection System:

IDS is basically classified into 2 types:

a. Network Intrusion Detection System (NIDS):

Network intrusion detection systems (NIDS) are set up at a planned point within the network to examine
traffic from all devices on the network. It performs an observation of passing traffic on the entire subnet
and matches the traffic that is passed on the subnets to the collection of known attacks. Once an attack

© RANJIX : MAY 23, 2019 PAGE 5 OF 9

MBA IT
107 – INFORMATION SECURITY

is identified or abnormal behavior is observed, the alert can be sent to the administrator. An example of
an NIDS is installing it on the subnet where firewalls are located in order to see if someone is trying
crack the firewall.

b. Host Intrusion Detection System (HIDS):

Host intrusion detection systems (HIDS) run on independent hosts or devices on the network. A HIDS
monitors the incoming and outgoing packets from the device only and will alert the administrator if
suspicious or malicious activity is detected. It takes a snapshot of existing system files and compares it
with the previous snapshot. If the analytical system files were edited or deleted, an alert is sent to the
administrator to investigate. An example of HIDS usage can be seen on mission critical machines, which
are not expected to change their layout.

Detection Method of IDS:

a. Signature-based Method:

Signature-based IDS detects the attacks on the basis of the specific patterns such as number of bytes or
number of 1’s or number of 0’s in the network traffic. It also detects on the basis of the already known
malicious instruction sequence that is used by the malware. The detected patterns in the IDS are known
as signatures.

Signature-based IDS can easily detect the attacks whose pattern (signature) already exists in system but
it is quite difficult to detect the new malware attacks as their pattern (signature) is not known.

b. Anomaly-based Method:

Anomaly-based IDS was introduced to detect the unknown malware attacks as new malware are
developed rapidly. In anomaly-based IDS there is use of machine learning to create a trustful activity
model and anything coming is compared with that model and it is declared suspicious if it is not found in
model. Machine learning based method has a better generalized property in comparison to signature-
based IDS as these models can be trained according to the applications and hardware configurations.

14. Briefly explain information security and privacy lifecycle?

Information Security

Information security is the practice of defending information – in all forms - from unauthorized access,
use, examination, disclosure, modification, copying, moving, or destruction. There are numerous global
and industry standards and regulations mandating information security practices for organizations.

Information Privacy

Information privacy, or data privacy is the relationship between the collection and dissemination of data
and the public expectation of privacy. The safeguarding of personal data is the objective i.e. data about
individuals such as contact information, health, financial, and family information; these individuals could

© RANJIX : MAY 23, 2019 PAGE 6 OF 9

MBA IT
107 – INFORMATION SECURITY

be your employees, your customers and other stakeholders. There are various legal, regulatory, political,
and technological issues surrounding the issue of data privacy.

The Information Security and Privacy Lifecycle methodology comprises the following five phases:

a) Synthesis of all legal obligations from applicable information security and privacy laws and
regulations.
b) Analysis of all information security and privacy legal liability exposures.
c) Creation of information security and privacy policies and assessment of information security and
privacy risks.
d) Selection, design and implementation of information security and privacy controls.
e) Compliance, audit and certification of the information security and privacy program.

After completing the final phase, the lifecycle starts again with the first phases in a repetitive loop. It is
not enough for the information technology workforce to understand the importance of cybersecurity;
leaders at all levels of government and industry need to be able to make decisions based on knowledge
of risks and potential impacts.

1. Statutes and
Regulatory

5. Compliance, 2. Sources of
Audit and potential
Certification liability

4. Security and 3. Policies and

Privacy Risk
Controls Assessment

a) Phase 1 - Synthesis of Statutory and Regulatory Requirements

Organizations must understand their information security and privacy obligations from statutes and
regulations in each country where they do business, including any industry sector-specific rules. To craft
a single set of information security and privacy rules usable worldwide, a synthesized global legal view
should be created from all applicable current and prospective laws.

© RANJIX : MAY 23, 2019 PAGE 7 OF 9

MBA IT
107 – INFORMATION SECURITY

Synthesized Legal view - Consolidating the provisions from these various statutes results in a synthesized
global legal view the encompasses the high-level information security and privacy requirements for
Information security / privacy policy, Inventory of Personal Information, Risk assessment Process,
Internal reviews and monitoring, Reactive and preventive controls, Data Management, User
Authentication and Access controls, System and Network Management, Administrative an HR security,
Third party transfer restrictions etc.

b) Phase 2 – Analysis of Potential Exposures to Legal Liability

This includes following phases such as

1. Contractual: Beyond what is mandated by law, what is unique to each organization is the
particular set of contractual and other commitments to implement certain information security
and privacy controls and the possible tortious claims based on failure or absence of those
controls.
2. Torts and other: Possible areas of liability for tort claims should be identified proactively, so that
exposures can be determined and the proper controls and legal defense can be built in advance.
A complete understanding of non-regulatory information security and privacy requirements,
such as industry association rules must be obtained.

c) Phase 3 – Information Security/ Privacy Policies and Risk Assessment Frameworks.

This includes following areas such as

1) Information Security Privacy Policies: Each organization must be guided by its own policies in
information security and privacy. These policies are in response to the statutory, regulatory and
contractual commitments and business needs and risks an organization faces.
2) Risk Assessment Management: To realize the aspirations of information security and privacy
policy and to know which controls are required, the proper controls must be put in place to
manage the various legal, business and technical risks and a risk assessment process must be
undertaken.

d) Phase 4 - Information Security and Privacy Controls:

Once the risks have been assessed and the potential impacts understood, the risks must be prioritized
and decisions made on how to respond. Risks can be retained, transferred/ shared or avoided, or
controls can be used to mitigate the risks. Suggested list of controls are: NIST’s security control familes,
ISO 27002, 18 and ISACA’s COBIT.

© RANJIX : MAY 23, 2019 PAGE 8 OF 9

MBA IT
107 – INFORMATION SECURITY

e) Phase 5 – Compliance, Audit and Certification

This includes following areas such as

1. Compliance and Audit: After the controls are implemented, their use in the daily operations of
organization must be monitored for compliance with the information security/ privacy policies
and control objectives. This monitoring should be the part of the ongoing information security/
privacy policy, risk assessment and control review processes.
2. Certification: To ensure they have implemented best practices; organizations may seek
independent certification of their information security/ privacy program. This is typically done
under the ISO 27001 standard.

© RANJIX : MAY 23, 2019 PAGE 9 OF 9