Information Security Audit and Monitoring Course File

SCHOOL OF COMPUTING SCIENCES
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
COURSE FILE
IBS701 - INFORMATION SECURITY AUDIT & MONITORING
Academic Year: 2020-2021 Department: CSE

Programme: B.Tech Semester: VII
Course Category: DE Total Duration: 45 Hrs
Prerequisite: NIL Credits: 3
INSTRUCTOR
Dr. Renjith P N,
Associate Professor
Department of Computer Science and Engineering
Hindustan Institute of Technology & Science
INDEX
S.No. Contents
1 Vision, Mission of the Institutety and Department
2 Programme Educational Objectives (PEOs), Programme

Outcomes (POs) and Programme Specific Outcomes (PSOs)
3 Syllabus
4 Course Outcomes (Cos) with POs and mapping
5 Course Delivery Plan (CDP)

6 Course Assessment Plan (CAP)
7 Question Bank
8 Class Nominal Roll
9 Course Materials
10 Assignments Questions with Samples
11 Continuous Internal Assessment (CIA) Question Papers with

Sample answer books
12 Result Analysis
13 Course Outcome Attainment
14 Innovative teaching practices in TLP
15 MCQ / Surprise Test
16 Points of appreciation and novelty & Points for improvement and

Future planning
17 Course Exit survey
18 Continuous Quality Improvement report (CQI)

VISION, MISSION OF THE ISTITUTE
VISION
To Make Every Man a Success and No Man a Failure.
MISSION
• To create an ecosystem that promotes learning and world class research.

• To nurture creativity and innovation.
• To instill highest ethical standards and values.
• To pursue activities for the development of the Society.
• To develop national and international collaborations with institutes and
industries of eminence.
• To enable graduates to become future leaders and innovators.
Value Statement
• Integrity, Innovation, Internationalization
DEPARTMENT VISION AND MISSION
VISION
To excel in Computer Science and Engineering education, research and project
management by empowering the students with strong conceptual knowledge.
MISSION
M1. To educate the students with basic foundation blocks of core and allied
disciplines of
Computer Science and Engineering.
M2. To provide practical skills in the advancements of the Computer Science and
Engineering field required for the growing dynamic IT and ITES industries.
M3. To sculpt strong personal, technical, research, entrepreneurial, and leadership
skills.
M4. To inculcate knowledge in lifelong learning, professional ethics and
contribution to the
society.
PROGRAM EDUCATIONAL OBJECTIVES (PEOs)
PEO1. Excel in his/her professional career and/or pursue higher education including research by applying
the knowledge of Computer Science and Engineering.
PEO2. Demonstrate the technical skills to analyze and design appropriate solutions for problems with
social consciousness and ethical values.
PEO3. Adapt themselves to organizational needs by understanding the dynamically changing technologies.
PROGRAMME OUTCOMES (POs)
1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering

fundamentals, and an engineering specialization to the solution of complex engineering problems.
2. Problem analysis: Identify, formulate, research literature, and analyze complex engineering
problems reaching substantiated conclusions using first principles of mathematics, natural
sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex engineering problems and
design system components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and environmental
considerations.
4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of experiments, analysis and interpretation of data, and synthesis of the
information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modeling to complex engineering activities with
an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual knowledge to assess
societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to the
professional engineering practice.
7. Environment and sustainability: Understand the impact of the professional engineering solutions
in societal and environmental contexts, and demonstrate the knowledge of, and need for sustainable
development.
8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms
of the engineering practice.
9. Individual and team work: Function effectively as an individual, and as a member or leader in
diverse teams, and in multidisciplinary settings.
10. Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as, being able to comprehend and write
effective reports and design documentation, make effective presentations, and give and receive
clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of the engineering
and management principles and apply these to one’s own work, as a member and leader in a team,
to manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to engage in
independent and life-long learning in the broadest context of technological change.
PROGRAMME SPECIFIC OUTCOMES (PSOs)
PSO1. To impart the basic knowledge and conceptual understanding of Computing through
mathematical and analytical skills.
PSO2. To develop the skill set of the students in the domains of cyber physical Systems, Algorithm
design Techniques and Enterprise systems security
PSO3. To inculcate the analytical knowledge of the students for innovative system design using
modern tools and techniques.
SYLLABUS
IBS701 INFORMATION SECURITY AUDIT & L T P C
MONITORING 2 0 2 3
Goal To have an understanding about Information security Audit & Monitoring
OBJECTIVES OUTCOMES
The course should enable the student to: The students should be able to:
1. Learn about the Auditing and Auditing
trails 1. Have the desired knowledge on penetration
2. Learn about penetration testing and testing and vulnerability assessment.
vulnerability assessment . 2. Come up with counter measure techniques.
UNIT 1 AUDITING AND AUDIT TRAILS 9
Accountability, Compliance, Audit Trails, Reporting timeline, Record Retention, External

Auditors, Laws
UNIT 2 MONITORING 9
Monitoring tools, Warning banner, Traffic analysis, Trend analysis
UNIT 3 PENETRATION TESTING & VULNERABILITY ASSESSMENT -1 9
Customers and Legal Agreements, Rules of Engagement, Penetration Testing Planning and
Scheduling, Pre-Penetration Testing Checklist, Information Gathering, Vulnerability Analysis,
External Penetration Testing.
UNIT 4 PENETRATION TESTING & VULNERABILITY ASSESSMENT -2 9
Internal Network Penetration Testing, Penetration testing for Denial of Service, Password
Cracking, Social-Engineering, Stolen Laptop, PDAs and Cell phones, Application, Physical
Security, Database, VoIP, VPN, War Dialing, Virus and Trojan Detection, Log Management, File
Integrity Checking, BlueTooth and Handheld Device, Telecommunication and Broadband
Communication.
UNIT 5 COUNTER MEASURES 9
Email Security, Security Patches, Data Leakage, Penetration Testing Deliverables and Conclusion,
Penetration Testing Report and Documentation Writing, Penetration Testing Report Analysis, Post
Testing Actions, Ethics of a Penetration Tester, Standards and Compliance.27001
TEXT BOOKS
Information Security Audit & Monitoring (IBM ICE Publication)

Document Sl. No: IQACB01 Review Period: Every Semester Validation authority: IQAC
COURSE DELIVERY PLAN
(This document is to be presented to the students during the first week of commencement of
classes and send a soft copy to every student of the class by the course instructor)

Course Title: INFORMATION SECURITY AUDIT & MONITORING Course Code: IBS701
Course Category: EE Total Duration (Hrs): 45
Instructor (s): Dr. Renjith P N
Courseware Home Page:
https://sites.google.com/hindustanuniv.ac.in/drrenjithpn
TEXT BOOKS
1. Information Security Audit & Monitoring (IBM ICE Publication).
COURSE OUTCOMES (COs) WITH PO AND PSO MAPPING
PROGRAMME OUTCOMES (PO COMMON TO ALL PROGRAMMES)
(To be achieved by the student after every semester/year/and at the time of graduation)
All graduates of any higher education programs are expected to have identified technical/
functional, generic and managerial competencies. The competencies that a graduate of a
program should have are called Graduate Attributes. The Attributes a graduating engineer should
have are generally identified by the Accreditation agency for Engineering and Technical
Education, namely, National Board of Accreditation (NBA) in India. The Graduate Attributes of
Engineering Programs as identified by NBA are
1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and an engineering specialization to the solution of complex engineering
problems.
2. Problem analysis: Identify, formulate, research literature, and analyze complex engineering
problems reaching substantiated conclusions using first principles of mathematics, natural
sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex engineering problems and
design system components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and environmental
considerations.
4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of experiments, analysis and interpretation of data, and synthesis of
the information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modeling to complex engineering activities with
an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual knowledge to assess
societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to
the professional engineering practice.
7. Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of, and need
for sustainable development.
8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and
norms of the engineering practice.
9. Individual and team work: Function effectively as an individual, and as a member or leader in
diverse teams, and in multidisciplinary settings.
10. Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as, being able to comprehend and write
effective reports and design documentation, make effective presentations, and give and receive
clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member and
leader in a team, to manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to engage
in independent and life-long learning in the broadest context of technological change.
PROGRAMME SPECIFIC OUTCOMES
On completion of the B.Tech Computer Science & Engineering degree the graduates will be able
to
PSO 1. Apply mathematical, conceptual knowledge of computing and analytical skills to solve
complex problems.
PSO 2. Design and develop computer systems based on the domains of cyber physical Systems,
Algorithm design Techniques and Enterprise systems security
PSO 3. Do innovative system design with analytical knowledge by developing modern tools and
techniques.
The Bloom’s Taxonomy is to be followed in curriculum development, courseware
development, planning and delivery of contents, Assessment, Mapping, Data Analysis and CQI
(Continuous Quality Improvement)
COURSE OUTCOMES (CO) Attainment

BTL
The student should be able to Threshold (%)
CO - 1 1.1. Apply the Audit and Audit trails techniques 3 60
CO - 2 1.2. Make use of monitoring and traffic analysis. 3 70

1. Have the desired knowledge on penetration testing and
CO - 3 3 60
vulnerability assessment
2.1 Apply the desired knowledge on penetration testing and
CO – 4 3 65
CO – 5 2. Come up with counter measure techniques 4 55
MAPPING OF COs with POs and PSOs
PROGRAMME OUTCOMES (PO) PSO

COURSE
S. No OUTCOMES
PO 11
PSO1
PSO2
PSO3
PO10
PO12
PO 7
PO 8
PO1
PO2
PO3
PO4
PO5
PO6
PO9
(CO)
1 CO-1 3 3 3 2 3 2 2 3 2 2 2 2 3 2 3
2 CO-2 3 3 3 2 2 1 1 2 1 2 2 2 3 1 1
3 CO-3 3 3 2 2 2 1 1 1 1 1 1 2 3 2 1
4 CO-4 3 3 3 2 3 2 2 3 2 2 2 2 3 1 3
5 CO-5 3 3 2 3 3 3 2 2 3 3 2 2 3 3 3
1 - Slight (Low) 2 - Moderate (Medium) 3 - Substantial

(High)
Justification of the mapping:
CO1 Appreciating the need of audit and audit trials to reinforce Engineering knowledge
(PO1), and this in turn helps in analyzing and solving problems (PO2) and designing
and developing solutions to complex engineering problems (PO3). It uses the research
based knowledge to investigate complex problems (PO4), insists in modern tool usage
(PO5), contextual knowledge to assess through Engg. Society (PO6), societal and
environmental contexts, and demonstrate the knowledge of, and need for sustainable
development (PO7), Apply ethical principles (PO8), Individual and team work (PO9),
Communicate effectively on complex engineering activities (PO10), Demonstrate
knowledge and understanding of the engineering and management principles (PO11)
and ability to engage in independent and life-long learning in the context of
technological change (PO12). It improves the ability to analyze basic concepts (PSO1)
and helps in developing software solution to varying complex problems (PSO2) and
applies computing and innovative idea using modern tools and techniques (PSO3).
CO2 Learn monitoring and traffic analysis to strengthen Engineering knowledge (PO1), and
this in turn helps in analyzing and solving problems (PO2) and designing and
developing solutions to complex engineering problems (PO3). It uses the research
CO3
To apply penetration testing and vulnerability assessment 1 to fortify Engineering
knowledge (PO1), and this in turn helps in analyzing and solving problems (PO2) and
designing and developing solutions to complex engineering problems (PO3). It uses
the research based knowledge to investigate complex problems (PO4), insists in
modern tool usage (PO5), contextual knowledge to assess through Engg. Society
(PO6), societal and environmental contexts, and demonstrate the knowledge of, and
need for sustainable development (PO7), Apply ethical principles (PO8), Individual
and team work (PO9), Communicate effectively on complex engineering activities
(PO10), Demonstrate knowledge and understanding of the engineering and
management principles (PO11) and ability to engage in independent and life-long
learning in the context of technological change (PO12). It improves the ability to
analyze basic concepts (PSO1) and helps in developing software solution to varying
complex problems (PSO2) and applies computing and innovative idea using modern
tools and techniques (PSO3).
CO4 To apply penetration testing and vulnerability assessment 2 techniques to reinforce
Engineering knowledge (PO1), and this in turn helps in analyzing and solving problems
(PO2) and designing and developing solutions to complex engineering problems
(PO3). It uses the research based knowledge to investigate complex problems (PO4),
insists in modern tool usage (PO5), contextual knowledge to assess through Engg.
Society (PO6), societal and environmental contexts, and demonstrate the knowledge
of, and need for sustainable development (PO7), Apply ethical principles (PO8),
Individual and team work (PO9), Communicate effectively on complex engineering
activities (PO10), Demonstrate knowledge and understanding of the engineering and
management principles (PO11) and ability to engage in independent and life-long
learning in the context of technological change (PO12). It improves the ability to
analyze basic concepts (PSO1) and helps in developing software solution to varying
complex problems (PSO2) and applies computing and innovative idea using modern
tools and techniques (PSO3).
CO5 Learn the Counter measure techniques to support Engineering knowledge (PO1), and
this in turn helps in analyzing and solving problems (PO2) and designing and
developing solutions to complex engineering problems (PO3). It uses the research
COURSE DELIVERY PLAN
Period Topic / Session topic Pertaining Instructional
Topic Learning Outcome
# CO/CLOs & Methods /
(TLO)
BTL Activities
Apply the principles of
Online Presentation
1 CO – 1 collection, recording,
Accountability – Demonstration
BTL -2 analysis and interpretation
using browser
of financial transactions
Apply the technique of Online Presentation
CO -1
2 Compliance compliance with laws & – Demonstration
BTL-2
external regulations using browser
Apply the methods used in
CO -1 events or procedures to
3 Audit Trails Group activity
BTL-2 provide support
documentation
Online Presentation
CO -1 Able to create reporting
4 Reporting timeline – Demonstration
BTL-2 timeline
using browser
Apply the principles of Online Presentation
5 CO -1
Record Retention storage, tracking and – Demonstration
BTL-2
maintenance of the records using browser
CO -1 Able to audit and what is
6 External Auditors Group activity
BTL-3 required external auditing
CO -1 Able to apply the law Online Presentation
7
Laws BTL-2 regulations for auditing – Seminar
Reporting of Identified
or Suspected Able to compliance with
CO -1
8 Noncompliance internal rules, regulations Group discussion
BTL-2
and procedures
Overview of Auditing
and Audit Trails CO -1 Review of Auditing and
9 Assessment
BTL-3 audit trails
Online Presentation
10 - Monitoring tools and CO -2 Able to use various tools
– Demonstration
14 Warning banner BTL-3 for monitoring
using browser
Able to analyze traffic

15 -
CO -2 such as speed, volume,
16 Traffic analysis Group activity
BTL-4 packets & utilization of the
total bandwidth
Able to analysis can be Online presentation
CO-2
17,18 Trend analysis used in developing robust
BTL-3
scenario content
Online Presentation
Customers and Legal Able to understand and
CO-3 – Demonstration
19, 20 Agreements, review legal agreements,
BTL-3 using browser
Rules of Engagement rules of engagement
Penetration Testing Able to create strategic Presentation –
CO-3
21, 22 Planning plan for performing Demonstration
BTL-3
penetration testing using browser
Pre-Penetration Able to review the Presentation –
CO-3
23 Testing Checklist checklist for the pre- Demonstration
BTL-3
penetration testing using browser
Information Gathering Able to analyze the SRS Presentation and
CO-3
24 document and evaluate demonstration
BTL-3
requirement using browser
Vulnerability Analysis Able to process of Presentation and
CO-3 defining, identifying, demonstration
19
BTL-3 classifying & prioritizing using browser
vulnerabilities
External Penetration Able to practice the Presentation and
Testing CO-3 assesses the externally demonstration
20
BTL-3 facing assets external using browser
penetration testing
Internal Network Presentation and
CO-4 Able to perform internal
21 Penetration Testing demonstration
BTL-3 network penetration testing
using browser
Penetration testing for CO-4 Able to perform Demonstration of
22
Denial of Service BTL-3 penetration testing for DoS DoS Attack
Presentation and
CO-4 Able to demonstrate
23 Password Cracking Demonstration in
BTL-3 password cracking
the browser
Presentation and
CO-4 Able to perform social
24 Social Engineering Demonstration in
BTL-3 engineering
the browser
Able to encrypt the data in Presentation and
Stolen Laptop, PDAs CO-4
25 laptop, PDA and Cell Demonstration in
and Cell phones BTL-3
Phones the browser
Presentation and
Application, Physical CO-4 Apply the application,
26 Demonstration in
Security BTL-3 physical security
the browser
Penetration testing on Able to perform Presentation and
CO-4
27 Database penetration test on the demonstration in
BTL-3
Database the browser
Presentation and
VoIP, VPN CO-4 Able to evaluate the
28 demonstration in
BTL-3 security on VoIP and VPN
the browser
Able to automatically scan Presentation and
War Dialing CO-4 a list of telephone numbers, demonstration in
29
BTL-3 usually dialing every the browser
number in a local area code
Virus and Trojan Able to identify the virus Presentation and
CO-4
30 Detection and Trojan codes injected demonstration in
BTL-3
in to the machine the browser
Presentation and
Log Management CO-4 Able to review the Log
31 demonstration in
BTL-3 report generated by system
the browser
CO-4 Able to evaluate the Presentation and
32 File Integrity Checking
BTL-3 Integrity of the file group activity
Able to determine the Presentation and
Bluetooth and CO-4 security mechanism in Demonstration
33
Handheld Device BTL-3 Bluetooth and handheld
devices
Testing on Group presentation
Able to simulate the testing
Telecommunication CO-4
34 of telecommunication and
and Broadband BTL-3
broadband communication
Communication
Able to perform security Demonstration and
CO-5
35 Email Security attacks and create rules for video tutorial
BTL-3
email security
Able to create security Presentation and
CO-5
36 Security Patches patches and control Demonstration
BTL-3
malicious attacks
CO-5 Able to learn Data Leakage Presentation
37 Data Leakage
BTL-3 and create solution
Penetration Testing Able to identify the Assignment
CO-5
38 Deliverables and deliverables in penetration
BTL-3
Conclusion testing
Penetration Testing Group activity
Able to create reports and
Report and CO-5
39 create documents of the
Documentation BTL-3
penetration testing
Writing
Presentation and
Penetration Testing CO-5 Able to review the
40 Quiz
Report Analysis BTL-3 penetration testing reports
CO-5 Able to perform post Presentation
41 Post Testing Actions
BTL-3 testing
Ethics of a Penetration CO-5 Able to learn the ethics of a Group discussion
42
Tester BTL-3 penetration testing on various Ethics
Able to learn Standards Presentation
Standards and CO-5
43 and compliance in Security
Compliance BTL-3
audits
FACULTY SIGNATURE HOD IQAC Co-coordinator

ASSESSMENT PLAN

Course Category: EE Total Duration (Hrs): 45
Assessment
Learning Outcome for Pertaining Corrective
Assessment # Cos
Method / Measurable Duration
Assessment Action
Activity
1.1 Able to apply the
<75
1 Audit and Audit trails CO1 Assignment Marks 2 Hrs
Resubmission
techniques
1.2 Able to use of
Internal <60 Repeat
2 monitoring and traffic CO2 Marks 1.5 Hrs
Assessment – I Exam
analysis.
1. Apply penetration Project <70 Repeat
3 testing and vulnerability CO3 Project demonstration demonstratio 2 Hrs
assessment. n
2.1 Apply the desired
knowledge on Internal <60 Submit as
4 CO4 Marks 1.5 Hrs
penetration testing and Assessment – II Assignment
2. Come up with counter Website <70 Re

5 CO5 MCQ 3 Hrs
measure techniques Presentation submission
Signature of the Instructor Signature of the HOD

School of Computing Sciences
Department of Computer Science & Engineering
IBS701 – INFORMATION SECURITY AUDIT & MONITORING

Question Bank
Category: Department Elective

Semester - III
Prepared by:
Dr. Renjith,
Associate Professor,
Module - 1 AUDITING AND AUDIT TRAILS
PART – A
(2 Marks)
Ques. No PART A CO BTL
1 Define Accountability. 1 1
2 List pillars of Accountability 1 2
3 Discuss about Compliance Audit. 1 2
4 Illustrate about performance appraisal. 1 2
5 Recall Risk mitigation. 1 1
6 List the effect of Non-compliance? 1 2
7 Audit Trail. 1 2
8 List the objectives of Internal Audit. 1 2
9 List various challenges in record retention. 1 2
10 Discussion the responsibilities of Auditor. 1 1
PART – B
Ques. No PART B CO BTL
1 Illustrate in detail on types of Audit. 1 3
2 Explain in detail on various techniques of Audit. 1 3
3 Write in detail on implications of Non-Compliance. 1 3
4 Explain in detail on objectives of Internal Audit. 1 2
5 Explain in detail on basis of promotion. 1 1

With example describe in detail on common challenges associated
6 1 2
with the performance measurement.
List various types of incentives offered in organization. Explain with
7 1 2
examples.
8 With a neat diagram explain the life cycle of Auditing. 1 2
Describe the auditor’s roles and responsibilities in identifying
9 1 2
Information security in accordance with Record management.
(i) Clarify the any four important qualities of records.
10 (ii) Describe the concept of levels of arrangement, giving an 1 1
example of each level.
Module-2 - MONITORING
PART A
Ques. No PART A CO BTL
1 Recall monitoring. 2 1
2 List various snipping tools. 2 2
3 Justify why Network Traffic Analysis is important? 2 2
4 Describe the method of Entity Tracking. 2 2
5 What is the need of warning banners? 2 1
6 With a neat diagram generate a 2 2
7 List various types of trend analysis techniques. 2 2
8 Rephrase about Weighted Moving Average method. 2 2
9 Explain the difference between 3DES, 3DESE. 2 2
10 Outline the need of Trend analysis. 2 1
PART B
Ques. No PART B CO BTL
1 Illustrate with a flow diagram on various phases of monitoring. 2 2
a) CTTS suspects that one of their employees, Ramya whose sudo
name is Ann Dercover, is really a secret agent working for their
competitor. Ramya has access to the company’s prize asset, the secret
2 recipe. Security staff are worried that Ramya may try to leak the 2 3
company’s secret recipe. As a Cyber security expert suggest the method
to investigate and control the intrusion.[5]
b) Enumerate the roles of External Auditor [5]
3 With a neat diagram explain the life cycle of Auditing. 2 2
Describe the auditor’s roles and responsibilities in identifying
4 2 2
Information security in accordance with Record management.
Elaborate on Trend Analysis. An organization monitors its attack from
2012 to 2019. Predict the trend of attack for the data given below
using Least Square Method.
Year Attacks
2012 56
2013 55
5 2 2
2014 51
2015 47
2016 42
2017 38
2018 35
2019 32
6 Describe in detail on various Traffic analysis method. 2 2
An organization year wise profit is listed below. Perform the trend
analysis using Weighted Moving Average Method.
Year 1 1
year 2 2
Year 3 3
2010 3
2011 3
7 2012 18 2 2
2013 16
2014 13
2015 11
2016 17
2017 19
2018 17
2019 16
2020 20
A year wise bug report of the organization is given below. Identify the
trend analysis using moving average method.
Year Bug
2002 13
2003 10
2004 11
2005 20
2006 14
2007 11
2008 1
8 2009 18 2 2
2010 3
2011 3
2012 18
2013 16
2014 13
2015 11
2016 17
2017 20
2018 14
2019 4
2020 8
9 Explain in detail about working of Warning banners. 2 2
Discuss the following in detail:
10 SNMP Scanning 2 2
Banner grabbing
UNIT 3 PENETRATION TESTING & VULNERABILITY ASSESSMENT -1
Ques.
PART A CO BTL
No
1 List down some factors that can cause security vulnerabilities. 3 1
2 Differentiate Vulnerability Scan, Risk Analysis, and Penetration Test? 3 2
3 Enumerate the phases of Network Penetration? 3 2
4 List the benefits that can be provided by an intrusion detection system. 3 2
5 Recall the term “Vulnerability”? 3 1
6 Compare the strengths and weakness of Windows and Linux? 3 2
7 Point out how SQL injection is done? 3 2
8 Justify the data protection with strong password. 3 2
9 List down parameters that define an SSL session connection. 3 2
10 List out common network security vulnerabilities. 3 1
Ques.
PART B CO BTL
No
1 With a neat diagram enumerate and explain the life cycle of penetration testing. 3 3
Write a short note on: 3
2 a) A global perspective on cyber crimes 2
b) Cyber-attacks with Keyloggers.
Explain various challenges posed by mobiles devices and their counter 3
3 2
measures.
4 Explain in detail mitigation techniques for DOS and DDOS attack. 3 2
Explain various types of cyber criminals. 3
5 1
Discuss types of stalker and their mitigation technique
Write a detailed note on: 3
6 i)Social Engineering 2
ii) LAN Security
How does an Anti-Virus Software works? How to eliminate Macro Threats. 3
7 3
Write the steps to be followed for protection of information.
Explain the use of computer image in data recovery. 3
8 2
Explain the mechanism for SQL Injection.
9 Create a Case Study on: Trojan horse and Ransom ware. 3 2
10 Analyze the verification methods used in Aadhaar 3 2
UNIT 4 - PENETRATION TESTING & VULNERABILITY ASSESSMENT -II
Ques.
PART A CO BTL
No
1 Point out the elements of cybersecurity? 4 1
2 Recall Cryptography. 4 2
3 Paraphrase about CIA? 4 2
4 Differentiate between IDS and IPS. 4 2
5 Infer on Traceroute. 4 1
6 Reframe briefly about data leakage? 4 2
7 Restate on brute force attacks. How to prevent it? 4 2
8 Recall on port scanning? 4 2
9 List down types of VPN? 4 2
10 What is MITM attack? 4 1
Q.No PART B CO BTL
i) During a security audit in an organization, FTP server is receiving the number of
incoming requests for connection is near or above 1,000 per second (1 kHz). Sooner,
1 the server stops working. Identify the type of attack and suggest a right tool and method 4 3
to stop this attack. [5]
ii) Are smartphones more vulnerable to cybercriminal attacks than laptops? Justify. [5]
How various wireless devices targeted by hackers in hacking the wireless network?
2 Explain operation of various hacking devices. 4 2
What is input validation attack?
How VoIP hacking is done by attackers? what are the counter measures for it?
3 4 2
Identifying wireless network defenses and counter measures.
Explain types of Intrusion Detection Systems (IDS).
4 4 2
List and explain any two password management practices.
Explain various active attacks in detail.
5 4 1
Illustrate with a neat diagram about VPN. Explain types of VPN?
Recall term social Engineering? What are the security threats that can emanate for
6 social networking sites? 4 2
Explain various types of phishing attacks and its countermeasures.
Define Piggybacking and Phishing.
7 4 2
Give the steps of operating system hardening.
a) With relevant diagram explain the various phases of handshake protocol.
8 b) Discuss sequence of steps involved during message exchange in user authentication 4 2
protocol of SSH.
explain the various specialized skill that should be available on demand in IT Security
9 market. 4 2
What is the significance of signature-based malware detection and list the limitations?
i) Demonstrate with a neat diagram on various stages of Pen Testing.[5]
ii) In an organization, Network Administrator identifies their official website has been
10 4 3
redirected to malicious website and customer’s information are stolen. As a Cyber
Security Engineer, identify the type of attack and suggest a countermeasure.[5]
UNIT 5 COUNTER MEASURES
Ques.
PART A CO BTL
No
1 Infer Email Security? 5 1
2 Recall packet Sniffing? 5 2
3 Paraphrase about CVS? 5 2
4 Differentiate between Firewall and IDS? 5 2
5 Compare Vulnerabilities and Pen testing. 5 1
6 Reframe briefly on Social Engineering. 5 2
7 Differentiate Patches and Updates. 5 2
8 Recall on Cookies Replay Attack. 5 2
9 List down few International Standards for Security? 5 2
10 List the importance of Documentation in Pen Testing? 5 1
Ques.
PART B CO BTL
No
1 Explain in detail on Ethics of a Penetration Tester. 5 3
a. Illustrate with neat diagram explain email security.
b. A company facing a few close misses with phishing emails. the company
2 5 3
realized they had no proper email security across the business. As a Cyber
security expert suggest a proper security mechanism.
3 Write in detail on Penetration testing report and Document writing. 5 2
4 Write in detail on Penetration Testing Deliverables and Conclusion. 5 2
A Cross Site Scripting vulnerability has been reported in Thembay Plugin of
Wordpress, a worldwide released software, which could allow a remote
attacker to execute arbitrary code (JavaScript) on the targeted system. A
5 5 1
remote attacker could exploit this vulnerability by sending a specially crafted
URL on the targeted system. As a security engineer, write your
recommendation to stop this vulnerability in detail.
a) How does PGP provide confidentiality and authentication service for e-mail
and storage applications? Draw the block diagram and explain its
6 5 3
components?
b) What are the functions provided by S/MIME? Explain in detail.
a) Explain the steps involved in Pen Testing analysis.
7 5 2
b) Illustrate the vulnerability analysis data collection process.
Explain in detail on copy right, trade secret, patent, contract and trade mark?
8 5 2
Give examples.
9 Explain in detail on Post Testing Actions. 5 2
i) Demonstrate any 5 password cracking techniques.[5]
ii) As per recent research, Attackers have a high interest in targeting e-
10 commerce websites with valuable customer data (i.e., credit card and user 5 3
information). Suggest security measures to prevent website getting
hacked.[5]
MCQ
Q 1.With the help of what tools, IT auditor can plan for 100 percentage substantive testing
A. CAAT
B. ERP
C. COBIT
D. Manual
Q 2. CAAT tools are used by the Auditor to perform Substantive Testing. CAAT stands for.
A. Computer Aided Audit Technique
B. Computer Aided Audit Tools
C. Computer Assisted Audit Technique
D. Computer Accounting and Auditing Technique
Q 3. By auditing around the computer we mean

a. the inputs and the corresponding outputs are compared and checked for correctness
b. the programs and procedures are checked for correctness
c. special synthetic data is input and outputs checked for correctness
d. programs are written to check the functioning of the computer hardware
Q 4. By auditing with a computer we mean

Q 5. By auditing through the computer we mean

QIO. Which CAT tool facilitate real time notification display of messages on the auditor
terminal
A. Snapshot
B. SCRAF
c. CIS
D. Audit Hook
Q 7. In an organisation Auditor wants to collect evidences based on system user profiles CAIT
can be used by the auditor to achive the objective which
a) CIS
b) Audit Hooks
c) Audit Trails
d) SCARF
Q 8. To perform IS audit IS Auditor must possess a good skills set ;in reference to this identify
the wrong statment
A. Should have Knowledge of IT policies
B. Should have Knowledge of IT ACT
c. Should be Able to understand BCP controls to organisation
D. Must possess CA degree
Q 9. Risk-control-Matrix is developed in which step of IS audit

A. Analysis
B. Planning
c. Fieldwork
D. Reporting
Q15. The objectives of IT audit include

A. Ensures asset safeguarding
B. Ensures that the attributes of data or information are maintained
c. Both (a) and (b)
QII. Which one is not the objective of Audit Trail.

A. Audit trail promote Personal Accountability
B. Audit detect Unauthorized Access
c. to promote good internal control
D. Audit trail facilitate reconstruction of events
Q 12. Auditor uses SCARF to collect various information; what does SCARF stands for
a) System Control Audit review file
b) System Control Audit review facility
c) Software control Auditor's review file
d) Software contol Auditors's review facility
Q13. Which one is not Audit preformed during system development process
A. Concurrent audit
B. Pre-implementation Audit
c. Post-Implementation Audit
D. General Audit
Q14. IT audit is the process of collecting and evaluating evidence to determine

A. Whether a computer system safeguards assets
B. Whether maintains data integrity
c. Whether allows organisational goals to be achieved effectively and uses resources efficiently
D. All of the above
Q16.Failing to detect a material error would represent which type of risk?
A. Overall Audit Risk
B. Detection Risk
c. Inherent Risk
D. Control Risk
Q17. Which is one of the bigger concerns regarding asset disposal?

A. Residual Asset Value
B. Employees taking disposed property home
c. Standing data
D. Environmental Regulations
Q18. Audit Trail is an example of control

A. Detective
B. Application
C. Preventive
D. Correction
Q 19. Which one is not a Boundary control audit trail .

a) Resources requested
b) No of sign on attempts
c) Authentication of information supplied
d) Time and date of printing output
Q20. Which among the following is not a compliance test as related to IT environment
a. Determining whether passwords are changed periodically.
b. Determining whether systems logs are reviewed
c. Determining whether program changes are authorised.
d. Reconciling account balances
Q25. Auditing of information systems is primarily required to ensure the

(i)all input records are correct and are included in processing
(ii)the system has ample protection against frauds
(iii)the processing performance is reliable
(iv)the system is developed at low cost
Q. 21. Which among the following is not a limitation in IT Audit

A. Data used not from production environment
B. If these is only production environment and audit could not test dummy data
C. "Read only Access" given to audit
D. None of the above
Q22. The type of audit evidence which the auditor should consider using in IT audit includes
A. Observed process and existence of physical items
B. Documentary audit evidence excluding electronic records
C. Analysis excluding IT enabled analysis
D.None of the above
Q 23. What is the commonly used example of generalised audit software?
A. CAAT
B. IDEA
c. COBIT
Q 24.A higher risk of system violation happens where

A. The audit module is not operational
B. The audit module has been disabled
c. The audit module is not periodically reviewed
D. All of the above
Q 26. In which type of IT Audit Auditor ensure that it management has developed a controlled
environment for information processing
A. System and Application
B. System development
c. Information processing facility
D. Management of IT and Enterprise Architecture
27. Which among the following is true as to Audit Reporting

A. Normal reporting format is not adhered to in the case of IT Audit
B. In IT audit, the base of the focus is the system
c. In IT audit the audience for the report should normally be ignored
Q 28. In case of outsourcing IT activities the IT auditor should

A. Review the policies and procedures which ensure the security of the financial data
B. Obtain a copy of the contract to determine if adequate controls have been specified
C. Ensure that audit needs are taken into account and included in the contracts
D. All of the above
Q 29. What is the characteristic of control'

A. Minimise the impact of a threat
B. Use controls that detect and report the occurrence of an error, omission or malicious act.
c. Detect problems before they occur
Q30. Which one is not a continuous audit technique

A. Continuous ans intermittent simulation
B. SCRAF
c. Cobit
D. snapshot
Q31. The security goals of the organization do not cover

A. Confidentiality
B. Probability and impact of occurrence of Risk
c. Availability
D. Integrity
Sl.No Question CO BTL
1 Explain the types of attacks. 1 2
2 Describe various security approaches. 1 2
3 Explain the need and principles of security. 1 4
4 Describe DES symmetric key cryptography algorithm. 1 4
5 Explain various substitution techniques. 1 3
6 Explain various transposition techniques. 1 4
7 What is digital certification? How it can be achieved? 1 4
8 Explain secure socket layer. 1 1
9 What are the security aspects attached to Electronic money? 2 2
10 Explain the need and types of firewall. 2 2
11 What is virtual private network? 2 1
12 Write about biometric authentication. 2 4
13 Describe the Kerberos system. 2 2
14 Write the issues in Email security 2 1
15 Write the issues in web security. 2 3
16 Write the issues in GSM security. 2 4
17 How user authentication can be done with authentication token? 3 3
18 What is secure electronic transaction and how it can be achieved? 3 4
How key management is done in case of symmetric and asymmetric
19
cryptography? 3 2
20 Describe IDEA(International data encryption algorithm). 3 4
21 Describe RC5 algorithm. 3 3
22 Describe blowfish algorithm. 3 2
23 Describe AES(Advance encryption standard) algorithm. 3 3
24 Write a note on secure hypertext transfer protocol. 3 2
25 What is a virus? 4 4
Explain the following 4 1
26 1. Replay attack 4 4
2. Denial of service attack 4 1
27 What is cryptanalysis? 4 3
What is encryption and decryption? Draw block diagram that shows
28
encryption and decryption. 4 3
29 Explain one time pad and why it is secure? 4 3
30 Describe two types of cryptographic algorithms. 4 4
31 Explain electronic code book mode. 4 4
32 Explain cipher block chaining mode. 4 4
33 Explain cipher feedback mode. 5 4
34 Explain output feedback mode. 5 1
35 Describe the variations of DES (Data Encryption standard). 5 2
What is the difference between authentication, integrity,
36
confidentiality and nonrepudiation? 5 1
What are the issues in information security and network security?
37
How they can be solved? 5 3
Generate public key and private key in case of RSA algorithm if two
38
prime numbers giver are 5 and 7. p=5 and q=7. 5 1
39 Explain the different methods to generate random numbers. 5 4
40 Write a note on XML and security. 5 2
Consider the following: Plaintext: “KEY” Secret key:
41
“CRYPTOGRAPHY” Compute the cipher text from given plain text
and key using hill cipher method 5 2
Explain the model for network security.
a) Explain the transposition techniques.
42
b) What are the advantages of steganography comparing with
cryptography? 5 1
43 Explain the AES algorithm. 5 3
Write short notes on key distribution.
44 In an RSA system, the public key of a given user is e=31, n=3599.
What is the private key of this user? 5 1
45 Explain whirlpool algorithm. 5 4
46 Explain X.509 authentication service. 5 2
i) During a security audit in an organisation, FTP server is receiving
the number of incoming requests for connection is near or above 1,000
per second (1 kHz). Sooner, the server stops working. Identify the type
47. of attack and suggest a right tool and method to stop this attack. [5] 2 4
ii) Are smartphones more vulnerable to cybercriminal attacks than

laptops? Justify. [5]
i) Demonstrate with a neat diagram on various stages of Pen
Testing.[5]
ii) In an organization, Network Administrator identifies their official
48. 2 3
website has been redirected to malicious website and customer’s
information are stolen. As a Cyber Security Engineer, identify the type
of attack and suggest a countermeasure.[5]
i) A vulnerability has been reported in Thembay Plugin of Wordpress,
a worldwide released software, which could allow a remote attacker to
execute arbitrary code (JavaScript) on the targeted system. A remote
49. attacker could exploit this vulnerability by sending a specially crafted 2 4
URL on the targeted system. As a security engineer, write your
recommendation to stop this vulnerability in detail.[5]
ii) With a neat diagram explain in detail on DDOS attack.[5]
VII SEM - Nominal Roll
Sl.No Reg.No Name of the Student

1 17113034 ELIJAH JOHN STEPHEN
2 17113143 VELPUCHARLA LAHARI
3 17113255 DINESH UDAYAN
4 17113258 THANUJA SUTRADHAR
5 17113080 POSHINI GANESH KUMAR
6 17113084 KEERTHI REDDY C
7 17113086 SIRISHMA PUDOTA
8 17113088 GAURAV A AGARWAL
9 17113122 SHIVANANDHAM J S
10 17113123 GOKUL B
11 17113126 MADDUR KASI YATHENDRA SHARMA
12 17113259 V MOHANISH
13 17115002 PAVITHRA H
14 17115003 PAMARTHI NIRANJAN BABU
15 17115005 R KARTHIKEYAN
16 17134001 JOE MARTIN J
17 17134002 SULMAN FAROOQ S.
18 17134007 NIKHIL GEORGE RINKU
19 17134011 MOHAMED RISWAN M
20 17134012 AJAY D KUMBLE
21 17134013 AKKASH BABU N S
22 17134014 MOHAMED ASLAM H
23 17134017 MOHAMED YAHIYA S
24 17134020 BHARAT KUMAR S
Assignment – I
1. Demonstration of Penetration Testing using Automated Open-Source Software
Assignment - II
2. Presentation of recent security breaches and how to overcome such attacks.

INTERNAL EXAMINATION QUESTION PAPERS
HINDUSTAN INSTITUTE OF TECHNOLOGY AND SCIENCE

Sub. Code : IBS701 - INFORMATION SECURITY AUDIT & MONITORING
I PERIODICAL EXAMINATION
DEPT COMPUTER SCIENCE AND ENGINEERING SEM VII
SECTION DATE 10/09/2020
MAX
DURATION 50 Mins 30
MARKS
QUESTIONS
QUESTION PART-A (10 X 1 MARKS = 10 MARKS)-MCQ

CO BTL Marks
NO.
Centralization of power at one level is called

a) Personable
1 b) Delegation 1 2 1
c) responsibility
d) ambassador
are malicious script or device that catch the vital data from
the system or network
a) network-tapping
2 2 2 1
b) NNTP
c) Sniffers
d) NIC cracker
are those gadgets which can be connected to your system
at the physical level and it can screen traffic.
a) Decentralisation tools
3 2 2 1
b) Hardware protocol analyzers
c) universal connection tools
d) configuration mgmt tools
Identify the non MIMT tool
a) Look@LAN
4 b) Dude Sniffer 2 2 1
c) Wireshark
d) Maltego
When you are accountable, _____________
5 1 2 1
a) People feel like they can depend on you.
b) People feel like they can take advantage of you.
c) You are often treated unfairly
d) You make excuses for your behavior.
Using Wireshark we can
a) track Username
6. b) find IP Address 2 2 1
c) Follow TCP/UDP streams
d) All of the above
___________ are the basics of scam.
a) the announcement is false
7. b) There is a plan to mislead the person in question 1 1 1
c) The casualty is harmed monetarily
d) All the above
Lead Auditor responsible all the task below EXCEPT
a) Submit Audit Findings to DOE
8. b) Preparing the Audit report 1 1 1
c) Provides PPE
d) Allocate tasks and responsibilities to audit team
When the Director of an organization ought to an Audit?
a) During Emergency General Meeting
9. b) Before First Annual General Meeting 1 1 1
c) Every Annual General Meeting
d) After Board of Directors Meeting
A gathering of PCs that is organized together and utilized by
hacker to take data is known as a
a) Rootkit
10. 2 2 1
b) DDoS
c) Rootkit
d) Botnet
QUESTION PART B ( 2 X 10 MARKS = 20 MARKS)

CO BTL Marks
NO. Assignment Type -No choice
a) CTTS suspects that one of their employees, Ramya whose

sudo name is Ann Dercover, is really a secret agent working for
their competitor. Ramya has access to the company’s prize
asset, the secret recipe. Security staff are worried that Ramya
11. 1 4 10
may try to leak the company’s secret recipe. As a Cyber security
expert suggest the method to investigate and control the
intrusion.[5]
b) Enumerate the roles of External Auditor [5]
Elaborate on Trend Analysis. An organization monitors its
attack from 2012 to 2019. Predict the trend of attack for the
data given below using Least Square Method.
12. 2 3 10
Year Attacks
2012 56
2013 55
2014 51
2015 47
2016 42
2017 38
2018 35
2019 32
Sub. Code: IBS701 - INFORMATION SECURITY AUDIT & MONITORING
II PERIODICAL EXAMINATION
SECTION IBM Cyber Security DATE /10/2020
MAX
DURATION 50 Mins 30
MARKS
QUESTIONS
QUESTION
PART-A (10 X 1 MARKS = 10 MARKS)-MCQ CO BTL Marks
NO.
___________ has now evolved to be one of the most popular

automated tools for unethical hacking.
1 a) Automated apps 3 2 1
b) Database software
c) Malware
d) Worms
Leaking your company data to the outside network without
prior permission of senior authority is a crime.
2 2 2 1
a) True
b) False
Before performing any penetration test, through legal
procedure, which key points listed below is not mandatory?
a) Know the nature of the organization
3 2 2 1
b) Characteristics of work done in the firm
c) System and network
d) Type of broadband company used by the firm
After performing ____________ the ethical hacker should
never disclose client information to other parties.
a) hacking
4 3 2 1
b) cracking
c) penetration testing
d) exploiting
A penetration tester must identify and keep in mind the
___________ & ___________ requirements of a firm while
evaluating the security postures.
5 3 2 1
a) privacy and security
b) rules and regulations
c) hacking techniques
d) ethics to talk to seniors
An attack that exploits a vulnerability that developers have
not had time to address and patch; it is called this because
the developer/programmer has had 0 days to fix the
vulnerability.
6. 3 2 1
RAID (Redundant Array of Independent Disks)
NDA (Non-Disclosure Agreement)
0 Day Attack (Zero Hour, Zero Day, or Day Zero Attack)
Pen Test (Penetration Test)
An IT product or system that is being evaluated or security
tested.
7. Target of Evaluation (ToE) 2 1 1

Tailgating
Pen Test (Penetration Test)
Denial-of-Service (DoS)
When an attacker follows closely behind someone with
appropriate clearance and access (key card, etc.), who opens
a gate or door, in order to gain physical access to a secure
area.
8. 2 1 1
Baiting
Phishing
Threat
Tailgating
When a company's employees are targeted in an attempt to
gain access to the company's system; this can include
pyschological manipulation, simple diversion, phishing,
baiting, tailgaiting and the use of "confidence men" or con-
artists.
9. 3 1 1
Tailgating
CORRECT: Social Engineering
CIA Triad
White Box Testing
A method of security testing in which a tester is not affiliated
with the designer, and has no knowledge of the system being
tested. (This is close to what it would be like to be hacked by
a non-ethical hacker.)
10. 3 2 1
CORRECT: Black Box Testing
Baiting
Gray Box Testing
White Box Testing
CO BTL Marks
i) During a security audit in an organisation, FTP server is

receiving the number of incoming requests for connection is
near or above 1,000 per second (1 kHz). Sooner, the server stops
working. Identify the type of attack and suggest a right tool and
11. method to stop this attack. [5] 2 4 10
ii) Are smartphones more vulnerable to cybercriminal attacks

than laptops? Justify. [5]
i) Demonstrate with a neat diagram on various stages of Pen
Testing.[5]
ii) In an organization, Network Administrator identifies their
12. official website has been redirected to malicious website and 3 3 10
customer’s information are stolen. As a Cyber Security
Engineer, identify the type of attack and suggest a
countermeasure.[5]
Sub. Code: IBS701 - INFORMATION SECURITY AUDIT & MONITORING
III PERIODICAL EXAMINATION
SECTION IBM Cyber Security DATE /11/2020
MAX
DURATION 50 Mins 30
MARKS
QUESTIONS
QUESTION
PART-A (10 X 1 MARKS = 10 MARKS)-MCQ CO BTL Marks
NO.
1. Which of the following is often one of the most overlooked

areas of security?
A. Operational
1 B. Technical 4 2 1
C. Internet
D. Physical
Option D.
2. Which area of security usually receives the least amount of
attention during a penetration test?
A. Technical
2 4 2 1
B. Physical
C. Operational
D. Wireless
Option B.
Which type of access allows passwords stored on a local
system to be cracked?
A. Physical
3 4 2 1
B. Technical
C. Remote
D. Dial-in
Option A.
Which of the following key lengths would be considered
uncrackable? (Choose all that apply.)
4 A. 512 4 2 1
B. 256
C. 128
D. 64
Options A, B.
What type of attack can be performed once a hacker has
physical access?
A. Finding passwords by dumpster diving

5 B. Stealing equipment 5 2 1
C. Performing a DoS attack
D. Session hijacking
Option B.
Of the following, which are common commercial Linux
distributions?
A. SUSE, Knark, and Red Hat

6. B. SUSE, Adore, Debian, and Mandrake 5 2 1
C. SUSE, Debian, and Red Hat
D. SUSE, Adore, and Red Hat
Option C.
Which of the following tools bypasses a firewall by sending
one byte at a time in the IP header?
A. Honeyd
7. B. Nessus 5 1 1
C. Covert_TCP
D. 007 shell
Option C.
What is a reverse WWW shell?
A. A web server making a reverse connection to a firewall

B. A web client making a connection to a hacker through the
firewall
8. 5 1 1
C. A web server connecting to a web client through the
firewall
D. A hacker connecting to a web server through a firewall
Option B.
What type of program is Snort?
A. NIDS
B. Sniffer, HIDS, and traffic-logging tool
9. 4 1 1
C. Sniffer and HIDS
D. NIDS and sniffer
Option B.
How many keys are needed for symmetric key encryption?
10. 5 2 1
A. 1
B. 2
C. 3
D. 4
Option A.

CO BTL Marks
A Cross Site Scripting vulnerability has been reported in

Thembay Plugin of Wordpress, a worldwide released software,
which could allow a remote attacker to execute arbitrary code
11 (JavaScript) on the targeted system. A remote attacker could 2 3 10
exploit this vulnerability by sending a specially crafted URL on
the targeted system. As a security engineer, write your
ii) As per recent research, Attackers have a high interest in

12 3 3 10
targeting e-commerce websites with valuable customer data
(i.e., credit card and user information). Suggest security
measures to prevent website getting hacked.[5]
CO BTL Marks
A Cross Site Scripting vulnerability has been reported in

Thembay Plugin of Wordpress, a worldwide released software,
which could allow a remote attacker to execute arbitrary code
11. (JavaScript) on the targeted system. A remote attacker could 5 4 10
exploit this vulnerability by sending a specially crafted URL on
the targeted system. As a security engineer, write your
ii) As per recent research, Attackers have a high interest in
12. targeting e-commerce websites with valuable customer data 4 3 10
(i.e., credit card and user information). Suggest security
measures to prevent website getting hacked.[5]
CIA – I
PART - CO2- Total

Reg.No First Name Last Name A CO1 -11 12 Marks
17113034 Elijah Stephen 9 9 10 28
17113080 Poshini Ganeshkumar 7 8 9 24
17113084 Keerthi Reddy 6 7 7 20
17113086 Sirishma Pudota 6 9 10 25
17113088 Gaurav Agarwal 3 7 7 17
17113122 shiva nandham 8 8 8 24
17113123 Gokul B 7 8 8 23
KASI
17113126 YATHENDRA SHARMA 8 9 10 27
17113143 Velpucharla Lahari 8 10 9 27
17113255 Dinesh Udayan 7 9 9 25
17113258 Tanuja Sutradhar 7 9 10 26
17113259 Mohanish Venkatesh 7 9 10 26
17115002 Pavitra Haridoss 8 10 9 27
17115003 Niranjan Pamarthi 5 8 8 21
17115005 Karthikeyan Ravishankar 8 7 7 22
17134001 Joe Martin 6 8 8 22
17134002 Sulman Farooq 5 9 8 22
17134007 Nikhil George 7 7 7 21
17134011 Mohamed Riswan 7 8 8 23
17134012 Ajay Kumble 7 7 7 21
17134013 Akkash Babu 5 8 8 21
Mohamed
17134014 Aslam H 7 9 8 24
17134017 Mohamed Yahiya 5 9 10 24
17134020 Bharath Kumar 6 9 9 24
No. of
student % of
Cos Threshold attained Attainment
CO1 75 19 79.16667
CO2 65 19 79.16667
CA1
90
80
70
60
50
40
30
20
10
0
Threshold % of Attainment
CO1 CO2
CIA-2
Out
SL. Out Out of of
No Reg. No Name PART A CO2 -11 CO3 - 12 of 30 100 50
1 17113034 Elijah Stephen 9 9 10 28 94 47
Poshini
2 17113080 Ganeshkumar 8 9 10 27 90 45
3 17113084 Keerthi Reddy 9 9 9 27 90 45
4 17113086 Sirishma Pudota 9 9 10 28 94 47
5 17113088 Gaurav Agarwal 9 10 9 28 94 47
6 17113122 shiva nandham 10 8 8 26 87 43
7 17113123 Gokul B 7 8 9 24 80 40
KASI
YATHENDRA
8 17113126 SHARMA 8 10 9 27 90 45
Velpucharla
9 17113143 Lahari 8 9 9 26 87 43
10 17113255 Dinesh Udayan 8 8 7 23 77 38
Tanuja
11 17113258 Sutradhar 10 10 9 29 97 48
Mohanish
12 17113259 Venkatesh 9 9 9 27 90 45
13 17115002 Pavitra Haridoss 9 9 10 28 94 47
Niranjan
14 17115003 Pamarthi 7 9 9 25 84 42
Karthikeyan
15 17115005 Ravishankar 9 8 9 26 87 43
16 17134001 Joe Martin 8 8 8 24 80 40
17 17134002 Sulman Farooq 9 9 9 27 90 45
18 17134007 Nikhil George 8 8 8 24 80 40
Mohamed
19 17134011 Riswan 9 8 9 26 87 43
20 17134012 Ajay Kumble 9 9 8 26 87 43
21 17134013 Akkash Babu 10 9 9 28 94 47
Mohamed Aslam
22 17134014 H 10 8 9 27 90 45
Mohamed
23 17134017 Yahiya 9 9 9 27 90 45
24 17134020 Bharath Kumar 6 8 9 23 77 38
% of
CO Threshold Attainment No. of students attained attainment
CO2 70 24 100%
CO3 60 24 100%
CIA - 2
80
70
60
50
40
30
20
10
0
Threshold Attainment No. of students attained % of attainment
CO2 CO3
CIA – 3
Sl. No Reg. No Name PART A 11- CO5 12-CO4 PART B OUT OF 30

1 17113034 Elijah Stephen 9 9 10 19 28
2 17113080 Poshini Ganeshkumar 10 9 9 18 28
3 17113084 Keerthi Reddy 10 9 9 18 28
4 17113086 Sirishma Pudota 9 9 10 19 28
5 17113088 Gaurav Agarwal 10 9 5 14 24
6 17113122 shiva nandham 10 7 7 14 24
7 17113123 Gokul B 7 10 9 19 26
8 17113126 KASI YATHENDRA SHARMA 10 8 8 16 26
9 17113143 Velpucharla Lahari 10 9 9 18 28
10 17113255 Dinesh Udayan 10 9 9 18 28
11 17113258 Tanuja Sutradhar 9 10 9 19 28
12 17113259 Mohanish Venkatesh 10 8 8 16 26
13 17115002 Pavitra Haridoss 10 9 10 19 29
14 17115003 Niranjan Pamarthi 7 9 8 17 24
15 17115005 Karthikeyan Ravishankar 10 8 8 16 26
16 17134001 Joe Martin 10 8 8 16 26
17 17134002 Sulman Farooq 5 8 7 15 20
18 17134007 Nikhil George 8 8 8 16 24
19 17134011 Mohamed Riswan 10 9 9 18 28
20 17134012 Ajay Kumble 10 9 9 18 28
21 17134013 Akkash Babu 9 9 10 19 28
22 17134014 Mohamed Aslam H 9 9 8 17 26
23 17134017 Mohamed Yahiya 10 9 9 18 28
24 17134020 Bharath Kumar 10 6 5 11 21
Students % of
COS Threshold Attained Attainment
CO5 65 22 91.66666667
CO4 55 23 95.83333333
CIA - 3
120
100
80
60
40
20
0
Threshold % of Attainment
CO5 CO4
CUMMULATIVE INTERNAL MARKS
I II III
Sl.N Name of the INTERN INTERN INTERN ASSIGNME ATTENDAN INTERN
o Reg.No Student AL AL AL NT CE AL
171130 ELIJAH JOHN
1 19 19 28 19 10 95
34 STEPHEN
171131 VELPUCHARL
2 19 19 28 19 10 95
43 A LAHARI
171132 DINESH
3 18 19 28 19 10 94
55 UDAYAN
171132 THANUJA
4 19 19 28 19 10 95
58 SUTRADHAR
POSHINI
171130
5 GANESH 19 19 28 19 10 95
80
KUMAR
171130 KEERTHI
6 19 19 28 10 10 86
84 REDDY C
171130 SIRISHMA
7 19 19 28 19 10 95
86 PUDOTA
171130 GAURAV A
8 18 18 24 19 9 88
88 AGARWAL
171131 SHIVANANDH
9 17 18 24 19 9 87
22 AM J S
171131
10 GOKUL B 18 19 26 18 10 91
23
MADDUR
171131 KASI
11 18 18 26 19 10 91
26 YATHENDRA
SHARMA
171132
12 V MOHANISH 18 19 26 19 10 92
59
171150
13 PAVITHRA H 19 19 28 19 10 95
02
PAMARTHI
171150
14 NIRANJAN 17 18 24 10 10 79
03
BABU
171150 R
15 18 19 26 19 10 92
05 KARTHIKEYAN
171340
16 JOE MARTIN J 19 17 26 16 8 86
01
171340 SULMAN
17 19 18 25 19 9 90
02 FAROOQ S.
NIKHIL
171340
18 GEORGE 19 19 26 19 10 93
07
RINKU
171340 MOHAMED
19 18 18 28 19 10 93
11 RISWAN M
171340 AJAY D
20 18 19 28 17 10 92
12 KUMBLE
171340 AKKASH BABU
21 19 19 28 19 10 95
13 NS
171340 MOHAMED
22 19 18 26 18 10 91
14 ASLAM H
171340 MOHAMED
23 19 19 28 19 10 95
17 YAHIYA S
171340 BHARAT
24 17 17 21 16 8 79
20 KUMAR S
SAMPLE ANSWER SHEETS
CIA – I
https://drive.google.com/drive/folders/1pXdEIEUNW3-
Qxw_qA7s_L3NEE8isNEvZ?usp=sharing
CIA – 2
https://drive.google.com/drive/folders/1DfjuqTVa30rjQQSLUeheMGR8ZlpZrl1g?usp=sha
ring
CIA – 3
https://drive.google.com/drive/folders/1l9yZb9mkGRNVv1TGR-
pIrQw7zWSZdcwD?usp=sharing
COURSE MATERIAL
https://drive.google.com/drive/folders/1enzo4AvFl3guD7FNxaOmXwBf7g1LsWLm?usp=s
haring
Innovative teaching practices in TLP

1. Handled live pen testing session with various tools
2. Students did several Pen Testing using open-source tools
3. Conducted debate on security issues on mobile
Assignments/MCQs/SurpriseTest/Quiz etc.
Points of appreciation and novelty
1. Trained the students to install virtual box and work with Kali Linux for penetration testing
2. Deployed several executables for identifying the vulnerabilities
3. Worked with Nessus Community version for vulnerability detection and immediate report
generation.
4. Conducted Technical Webinar for the students to enrich their knowledge on Penetration
testing.
Points for improvement and Future planning

1. We will plan to create a framework or platform that will enrich the systems to respond to
phishing attacks and prevents the users from clicking phishing mails or links.
2. Creating a Vulnerability detection and protection application that will help the users from
major attacks.
COURSE EXIT SURVEY
1. Quality of the course content
50
40
30
20
10
0
Excellent Very Good Good Satisfactory Poor
2. For the number of credits and course workload was
60
40
20
0
3. Relevance of the text book of the course
50
40
30
20
10
0
4.Were the lectures clear/well organized and presented at reasonable pace?
80
60
40
20
0
4. Did the lectures stimulate intellectually?
100
80
60
40
20
0
5. What approaches/aids would facilitate your learning?
60
50
40
30
20
10
0
6. Did the tutorials in class room helps you to understand how to take the problems
80
60
40
20
0
7. Is the grading scheme clearly outlined and reasonable/fair
100
80
60
40
20
0
.
CONTINUOUS QUALITY IMPROVEMENT – CQI REPORT
(COURSE DELIVERY)

Course Category: DE Total Duration (Hrs): 45
Challenges/Issues in
Topics Suggestion for CQI CQI Remarks
achieving CLO
Penetration Course Delivery
Additional lecture
Testing & 9 Hrs of duration not Plan can
hours may be allotted
Vulnerability sufficient incorporate the
and Follow-up Classes
Assessment -1 same
Additional Tutorial Course Delivery
Security Understanding is low since
classes can be Plan can
Patches, Data algorithms are very
conducted incorporate the
Leakage abstract.
same
INSTRUCTOR COORDINATOR (CQI) HOD IQAC COORDINATOR

Information Security Audit and Monitoring Course File

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Information Security Audit and Monitoring Course File

Uploaded by

Copyright:

Available Formats

SCHOOL OF COMPUTING SCIENCES

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

IBS701 - INFORMATION SECURITY AUDIT & MONITORING

Academic Year: 2020-2021 Department: CSE

2 Programme Educational Objectives (PEOs), Programme

4 Course Outcomes (Cos) with POs and mapping

5 Course Delivery Plan (CDP)

11 Continuous Internal Assessment (CIA) Question Papers with

13 Course Outcome Attainment

14 Innovative teaching practices in TLP

15 MCQ / Surprise Test

16 Points of appreciation and novelty & Points for improvement and

18 Continuous Quality Improvement report (CQI)

To Make Every Man a Success and No Man a Failure.

• To create an ecosystem that promotes learning and world class research.

PROGRAMME OUTCOMES (POs)

1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering

UNIT 1 AUDITING AND AUDIT TRAILS 9

Accountability, Compliance, Audit Trails, Reporting timeline, Record Retention, External

UNIT 3 PENETRATION TESTING & VULNERABILITY ASSESSMENT -1 9

UNIT 4 PENETRATION TESTING & VULNERABILITY ASSESSMENT -2 9

UNIT 5 COUNTER MEASURES 9

Information Security Audit & Monitoring (IBM ICE Publication)

Academic Year: 2020-2021 Department: CSE

PROGRAMME SPECIFIC OUTCOMES

COURSE OUTCOMES (CO) Attainment

CO - 1 1.1. Apply the Audit and Audit trails techniques 3 60

CO - 2 1.2. Make use of monitoring and traffic analysis. 3 70

MAPPING OF COs with POs and PSOs

PROGRAMME OUTCOMES (PO) PSO

1 - Slight (Low) 2 - Moderate (Medium) 3 - Substantial

Able to analyze traffic

FACULTY SIGNATURE HOD IQAC Co-coordinator

Academic Year: 2020-2021 Department: CSE

2. Come up with counter Website <70 Re

Signature of the Instructor Signature of the HOD

Department of Computer Science & Engineering

IBS701 – INFORMATION SECURITY AUDIT & MONITORING

Category: Department Elective

2 List pillars of Accountability 1 2

3 Discuss about Compliance Audit. 1 2

4 Illustrate about performance appraisal. 1 2

5 Recall Risk mitigation. 1 1

6 List the effect of Non-compliance? 1 2

8 List the objectives of Internal Audit. 1 2

9 List various challenges in record retention. 1 2

10 Discussion the responsibilities of Auditor. 1 1

1 Illustrate in detail on types of Audit. 1 3

2 Explain in detail on various techniques of Audit. 1 3

3 Write in detail on implications of Non-Compliance. 1 3

4 Explain in detail on objectives of Internal Audit. 1 2

5 Explain in detail on basis of promotion. 1 1

Q 3. By auditing around the computer we mean

Q 4. By auditing with a computer we mean

Q 5. By auditing through the computer we mean

Q 9. Risk-control-Matrix is developed in which step of IS audit

Q15. The objectives of IT audit include

QII. Which one is not the objective of Audit Trail.

Q14. IT audit is the process of collecting and evaluating evidence to determine

Q17. Which is one of the bigger concerns regarding asset disposal?

Q18. Audit Trail is an example of control

Q 19. Which one is not a Boundary control audit trail .