UNIT 1 Question bank

1. Discuss the various challenges in drafting the Policy in an organization

2. A successful organization should have multiple layers of security. Identify any 6 of

them and describe.

3. List and explain various types of Security Policies

4. Draw a schematic diagram showing the major steps in contingency planning. Explain
in detail, business impact analysis.

5. Draw the terms: policy, standards and practices in the context of information security.
Draw a schematic diagram depicting interrelationship between the above.

6. Explain who is responsible for a policy management & how policy managed.

7. Discuss the system specific security policy. How managerial guidance and
a. technical specification can be used in SysSP.
8. Explain the major steps specified in BS7799:2 document. How these steps help in
security planning.
9. Write a short note on
EISP Security system development lifecycle
ISSP SysSP`

10. What are the critical characteristics of Information and Explain the NSTISSC security
model.
11. Give detailed explanation of Contingency planning with appropriate diagrams
12. Discuss IETF, NIST, ISO, IEC standards
13. Explain the Sphere of Security with neat diagram in the context of design of security
Architecture for the information network
14. Explain the Enterprise Information Security Policy and its components
15. Explain the relationship between policies, Standards and Practices with a diagram.