Assignment

Section 1: Basic Security Concepts

1. How would you define Computer Security?
2. What is meant by Application Security?
3. Define the concept of Confidentiality in security.
4. What does Availability mean in the context of computer systems?
5. What is the definition of Information Security?
6. What is meant by Integrity in data and system protection?

Section 2: Malware and Threats

7. How would you explain a computer worm?
8. What is Phishing and how does it work?
9. How would you describe a Botnet?
10. What is a Rootkit and how is it used?
11. What are Keystroke Loggers and what risks do they pose?
12. Explain the concept of Spoofing.
13. What is a Denial-of-Service (DoS) attack?
14. What is Eavesdropping in cybersecurity?
15. Identify different types of malware used in security breaches.

Section 3: Threat Modelling and Trusted Systems

16. Why is Threat Modeling important in security planning?
17. What are the artifacts generated during threat modeling?
18. Define the STRIDE threat modeling framework.
19. Explain the PASTA threat modeling methodology.
20. What does VAST represent in threat modeling?
21. What is Trike in threat modeling?
22. What does LINDDUN mean in the context of threat modeling?

Section 4: Vulnerabilities and Testing

23. What is a Vulnerability in security systems?

24. Define Static Application Security Testing (SAST).
25. What is the Zero Trust security model?
26. How would you define a Hostile Intelligence Service (HOIS)?

Section 5: Risk Assessment

27. Who should be responsible for conducting an IT security risk assessment?
28. What is an IT security risk assessment?
29. On average, how long does it take to perform a risk assessment?

Section 6: Security Tools and Techniques

30. What is a Honeypot in cybersecurity?
31. What factors can cause security vulnerabilities?
32. Define CVSS (Common Vulnerability Scoring System).
33. How frequently should vulnerability assessments be conducted?
34. Name the tools used for evaluating vulnerabilities.
35. What should be considered when aligning security planning with organizational objectives?

Section 7: Contingency Planning

36. What are the essential components of a contingency plan?
37. Why is it crucial for agencies to have disaster response procedures?
38. How does continuity of operations enhance security planning?
39. What factors should be considered for backup requirements in an organization?
40. Differentiate between a disruptive event and a disaster in contingency planning.
41. What essential elements should be included in agency security incident response procedures?
42. How can organizations coordinate effectively during a disruptive event?
43. What are the common challenges in implementing contingency plans?
44. Why must contingency plans be reviewed and updated regularly?
45. How do security planning directives support organizational resilience?
46. What is the difference between proactive and reactive approaches in contingency planning?
47. How can organizations ensure continuity of operations during disruptions?
48. What contingency plans should be implemented to address unforeseen data recovery issues?
49. How does risk assessment influence contingency plan components?

Section 8: Security Frameworks and Regulatory Compliance

50. How do organizations ensure compliance with regulatory requirements when developing
security plans?
51. How can contingency plans remain flexible to adapt to emerging threats?
52. Create a checklist for assessing backup system readiness prior to a new software update.
53. Outline vulnerability assessment procedures for identifying weak points in physical security.
54. What are key considerations for determining position sensitivity in personnel security?
55. How do auditing and monitoring enhance the effectiveness of security programs?
56. What is the purpose of conducting a privacy review on accountability controls?
57. What measures can enhance employee awareness of security policies and procedures?
58. What is the role of encryption in safeguarding data and communication?
59. What is the role of access authorization in maintaining confidentiality?
60. How do security practices for systems maintenance personnel differ from those for other
employees?
61. How do employee clearances help protect sensitive information within an organization?
62. What are the key steps involved in investigating security breaches, and why is rapid action
critical?
63. How does cryptography ensure data confidentiality and integrity?
64. Describe the process of reviewing audit logs to detect and respond to security incidents.
65. Explain the process of investigating security breaches and implementing preventive measures.
66. How does INFOSEC relate to computer security audit practices?
67. Why is ongoing security training crucial for maintaining a vigilant workforce?
68. How does encryption protect data during network transmissions?
69. How can organizations build a culture of continuous improvement in security through training
and awareness?
70. What strategies ensure that access authorization aligns with organizational security policies?
71. Write the procedure for conducting a security review of access authorization protocols.

Section 9: Advanced Topics in Security

72. What are the different types of computer security threats?
73. List different types of computer security methods.
74. Describe the steps necessary to ensure computer security.
75. Identify and explain the major components of the Trusted Computing Base.
76. What are the key characteristics or principles of a Trusted Computing Base?
77. Illustrate the working principle of threat modeling.
78. What are the best practices for implementing a threat model?
79. What are the benefits of using a threat model?
80. Discuss various threat modeling methods and tools.
81. What actions must be taken to achieve security goals?
82. What tasks are involved in developing security requirements?
83. Why is it necessary to identify resources and trust boundaries in security requirement
development?
84. Why is it important to document security-relevant requirements?
85. What are the stages of secure software development?
86. How can application vulnerabilities be detected early to reduce costs and risks?
87. Identify key principles of the Zero Trust model.

Section 10: Security Planning and Risk Management

88. What are the main objectives of security planning directives?
89. How do security planning directives contribute to risk mitigation?
90. What role does continuity of operations play in organizational resilience?
91. How are agency response procedures connected to continuity of operations during crises?
92. Design a contingency plan for a financial institution responding to a major cyberattack.
93. Analyze the privacy implications of accountability controls in auditing and monitoring processes.
94. Assess the impact of OPSEC surveys on an organization's security posture.
95. Design a backup strategy for critical infrastructure in a smart city project.
96. How does position sensitivity affect personnel security and access control?
97. What strategies can organizations use to promote a security awareness culture among
employees?
98. Explain the process and role of encryption in protecting sensitive data.
99. Establish a process for analyzing network traffic using intrusion detection and SIEM tools.
100. Analyze the role of INFOSEC standards in shaping organizational security practices.
101. Discuss challenges in interpreting and implementing OPSEC survey results.
102. Evaluate the effectiveness of cryptographic measures in protecting sensitive
information.
103. Analyze the impacts of security breaches on organizational operations and reputation.

Section 11: Applied Case Studies and Critical Thinking

104. Why is Computer Security important?
105. How do you communicate risk assessment findings to stakeholders and involve them in
risk management?
106. Evaluate the statement: "Don’t download attachments unless you trust the source,"
with a case study.
107. Explain the importance of keeping personal information private on social media, with a
case study illustrating the risks.
108. Judge the statement: "Don’t purchase from unknown websites," with a relevant case
study.
109. Assess the importance of learning about computer security and ethics, supporting your
argument with a case study.

110. Evaluate the statement: "Inform the cyber cell immediately if attacked," using a case
study.
111. What tasks are necessary for effective Security Requirements Development?
112. How do you use data and analytics in your risk assessment and management processes?
113. How do you prioritize risks, and how do you determine which risks to address first?
114. Which industries require security risk assessments for compliance?
115. What problems does a security risk assessment solve? Provide a case study where it
prevented data breaches.
116. Discuss the significance of policy mechanisms in security planning.
117. Assess the importance of stakeholder engagement in security planning and contingency
measures.
118. How does technology, including AI and automation, enhance security planning efforts?
119. Apply privacy review protocols to accountability controls in an organization’s security
planning.
120. Evaluate the effectiveness of security planning directives in mitigating security threats
and vulnerabilities.
121. Assess the feasibility and effectiveness of recovery plans post-disruption.
122. Describe how personnel security practices help prevent insider threats.
123. Establish secure configuration management processes for e-commerce platforms.
124. Compare manual assessments, automated scans, and penetration testing in security
reviews.
125. Analyze the role of systems maintenance personnel in incident response and recovery.
126. Evaluate the effectiveness of access authorization procedures.
127. Assess how well position sensitivity criteria align with security objectives.