Showing posts with label IIBF IT Security. Show all posts

Sunday, 8 November 2020

IT security recollected questions on 08.11.2020

 Recalled Questions IT Security (8/11/2020)

Slot 1


Owner , custodian, User

RFID

Internet Access Policy

Beat Frequency Oscillator

IPS & IDS difference

Network server

HP's OpenView software

Blade server

Authorization and authentication

Salami Technique can be detected by

Beta Testing

VoIP

QMS

ISMS

Plan do check act (PDCA)

COBIT ISACA SOX GAIT HIPAA SAS70

Defense in Depth

Critical servers in most banks are on UNIX

schema

Hubs

MPLS SMTP

cryptography steganography

Application layer firewalls are also called proxy firewalls

Drawbacks of using in house software development

Cyber espionage

DRP

Audit charter

SEBI act 1992

CDR call details record

regsvr32 command

RBI Vision 2018(2 questions)

Shimming skimming

Big data

SHA 512

Server Cluster

Difference between virus and worm

Hot site and warm site

HA in BC DRP means

defence against eavesdropping

Sniffer

third party access to critical info resources area

edit the Registry using Command in windows

RuPay Visa Master card

Bancs 

Cvv 3D 

Stages in software development

Black box testing



Paper was moderate

0.5 mark questions on COBIT, KYC, IT Act, RTI Act, software development level

1 mark questions on software development process and IT security

2 mark questions: study based

Questions were from all segments

ISO related questions

Difference between skimming and shimming

Difference between cryptography and steganography

One question on metal detector

One question on software testing related

Defence in depth

Sunday, 20 September 2020

20.09.2020 IT security recollected


 Read audit module

Around 10 questions on digital signatures

Management information system

Data warehousing 

Switching techniques 

IT act 2000


Hardware input/output devices

Sunday, 6 September 2020

IT security recollected questions on 06.09.2020


ISMS 

cobit

Cyber espionage

Malware

Botnets

Downtime

Incident response

Backups

HOT SITE WARM SITE

PDC 

CDR

SEISMIC ZONE

AUDIT CHARTER

FIREWALLS

SMTP

CRYPTOGRAPHY AND STEGANOGRAPHY

VLAN

HUB

SNIFFER

EAVES DROPPING

GOPAL KRISHNA WORKING GROUP

RBI 2018 RECOMMENDATIONS

BLADE SERVER

RFID

GRAMM-LEACH-BLILEY ACT

SAS70

GAISP AND GAIT

ISO27001

VOIP

SALAMI TECHNIQUE

LOAD BALANCING

RDBMS

PREVENTION N DETECTION

ZOMBIE

SECURITY GOVERNANCE

KRA

RTI2005

ACCESS PRIVILEGE 

2 QUESTIONS WERE OF HYPOTHETICAL SITUATION

BC-DRM

FAULT TOLERANT SYSTEM INCLUDES



COBIT

ISACA

ISO BASED QUE

INCIDENT MANAGEMENT

BCPDR

BLADE SERVER

RTI 

ISMS

HARDWARE SECURITY

RDBMS 

WINDOW CONFIGURATION

PHYSICAL SECURITY

DIFF BT VIRUS AND WORM

FASTFLUX

CRYPTOGRAPHY

Sunday, 22 March 2020

New All IIBF Certifications PDFs in single link 2020-2021

All IIBF Certification PDFs in single link 2020-2021

Read corresponding  IIBF books .. Macmillan / Taxmann.

These all materials are extra information to get knowledge.

All the best


Face book:

https://www.facebook.com/groups/543054539662893/

Certified credit officer/Professionals 2020

https://drive.google.com/file/d/1lUW00Y-qnVzH9R9QB4ZjGqeShYDATS-e/view?usp=sharing

CAIIB ABM 2020

https://drive.google.com/file/d/10AkzgCtLyYexdKulaYY3B1ljHRJPGuLu/view?usp=sharing


MSME 2020

https://drive.google.com/file/d/1m1qF2hh9D0hpVvFTlNCR2rvpYAiEQTD8/view?usp=sharing


KYC AML:2020

https://drive.google.com/file/d/1T__7x42LV1HaG9YBQuMkAIPvS9GAHeL8/view?usp=sharing


BCSBI:2020

https://drive.google.com/file/d/1lSOKtV5OrThXmCwiB4TGVyOjZVVtjThd/view?usp=sharing


CAIIB IT:2020

https://drive.google.com/file/d/1t7Ein_FE5YMruvDQPOG4Z3Z-TE-Xmp_1/view?usp=sharing


Certified Treasury Professionals:2020
https://drive.google.com/file/d/1lVvYYtYC797vn1DKuSAsCxJhkv3E1JxK/view?usp=sharing


Digital banking 2020
https://drive.google.com/file/d/1lckjesn0gs0kiOZID1aBubb4tiHvbzPE/view?usp=sharing


Forex Individual 2020

https://drive.google.com/file/d/1lf3o8SRqy2_aRJulq9qf2q0krHmFlKok/view?usp=sharing


Forex Operations 2020
https://drive.google.com/file/d/1lnPrVdXPVsc3sve8OwsjE87OEgsxsAVb/view?usp=sharing



Cyber Crime and fraud management 2020

https://drive.google.com/file/d/1m2y5bwuUa1vKkBjx5DjwH17dNf8BP-xu/view?usp=sharing


Information System for Bankers 2020
https://drive.google.com/file/d/1lt0r7cRzJHTmBXsmF9xvEYFzaaxHCxTI/view?usp=sharing


International Trade Finance  2020
https://drive.google.com/file/d/1lxS3FGgdzI5Q-rJFPufnVUSA69TpVjT3/view?usp=sharing


IT SECURITY 2020
https://drive.google.com/file/d/1ly9nfxTpucTPKB6kuV-mIod4pTc97ceg/view?usp=sharing


Micro finance 2020

https://drive.google.com/file/d/1lzMSuWctOJUrKnNP_FfRlQL9ngs1U6aS/view?usp=sharing

Risk In financial services 2020
https://drive.google.com/file/d/1m7eITlMDdKTnc1FU1sSIKJtP8IcrZrG1/view?usp=sharing


Certified Audit  Professionals:
https://drive.google.com/file/d/1m8aQcdD4qr7R4QzUEgiN1Paw_rWhKWsm/view?usp=sharing

https://drive.google.com/file/d/1zoloZKNR2-UsBGIf0gw1ErhD0F2Y9mHW/view?usp=sharing



Telegram:

https://t.me/joinchat/KP68xFdZGztM7iDAuS4ueg














Monday, 20 January 2020

IT security recollected questions on 19.01.2020

Recollected questions on IT security
19.01.2020


1. Major change in IT Act 2008 and IT Act 2000
2. Which act was amended after CTS? Choices are RBI Act, BR Act, Indian Evidence Act
3. IT security is the responsibility of all employees and the driver is the CISO
4. CISO will report to HIRM
5. Threat vulnerability case study
6. Threat vector
7. Crime is not because of: opportunity, need, rationalisation. Answer is intelligence
8. Which metal detector is used in inland indepth
9. Which metal detector cannot differentiate metals
10. Which does not come under indepth security
11. SQL injection
12. Case study question on rootkit
13. RTP
14. ROP
15. Unit testing / white box / black box testing
16. Warm site / cold site
17. COBIT developed by which agency of USA
18. Which is the benchmark of Indian security standards: COBIT or IASA
19. What has to be handed over to the company in case of an escrow arrangement - Source code
20. When it has to be handed over and who should demand the code under escrow agreement
30. Salami technique
31. Access control case study
32. Access control policy is for physical access or all types of access
33. For software protection, no physical security is needed, or physical security is fully needed, or partly if it is a single PC.
34. Maker checker: checker has role power more than maker.
35. Which is cheaper, RFID or barcode reader
36. Whether both barcode and RFID can be scanned with the same scanner?
37. When a system should be tagged with RFID: as soon as it is bought or when it is brought to the company, etc.
38. Arranging the sequence of physical movement of hardware like listing, sequencing, tagging, etc.
39. Life cycle of software development like planning, developing, testing, implementing, and the main twist is whether maintenance comes under the life cycle of development or the life cycle ends with implementing only?
40. Which fire extinguisher is to be used in a server room - CO2
41. CAPTCHA is case sensitive
42. Steganography / cryptography
43. Malware / spyware / adware / botnet
44. Whether botnet is a malware?
45. WannaCry is a ransomware
46. Some question was about layers in the OSI model
47. DDoS
48. Dual core processor
49. Trapdoor
50. Bit glass
51. Digital India aims at - bringing internet and e-governance to all parts of society
52. COBIT is computer governance or IT governance
53. Which is important in bank: customer data protection along with data centre, or only data centres having other data?
54. ATM jackpotting
55. Green dispenser
56. Load balancing
57. Whether the security policy of a company is confidential or it can be known to all
58. PGP
59. Dumpster diving
50. Which technique, if used with malicious intention, becomes a crime - Sniffing
60. ISO 27700 / 27001 / 27002 - 2 questions
61. Open source application - MS Word
62. PCI DSS used for?
63. IaaS, PaaS
76. In buffer overflow attacker targets - stack
77. Security to be ensured until last mile
78. Network attached storage
79. Why disk duplex is better than disk mirroring
80. Zeus is a malware attacking banks
81. Zombies
82. Spiral model / iterative model / waterfall model case study
83. Jitter technology
84. PDC (plan do check)
85. Which standard is used for life cycle: ISO/IEC 5288:2008

Questions are moderate. Taxmann book is more than enough to pass. If we complete the Cyber crime and fraud management exam before completing IT security, it will be easier since 30% of questions can be related.

In the Taxmann book, at the end of each topic a few topics were given under the title "KEY WORDS". Most questions are from that.

Friday, 1 November 2019

IT SECURITY 26.10.2019 MEMORY BASED RECOLLECTED QUESTIONS

IT SECURITY
***********
Give priority to technical terms...
***************
26.10.2019 MEMORY BASED RECOLLECTED QUESTIONS
Salami technique

Accountability - biometric login: what the user has/knows/is

Access control
Access privilege

Maker checker principle

Ciso/cfo role

Anti piracy

Threat/vulnerability/impact

RFID radio frequency identification

Perimeter security

3 most common metal detector

Fire extinguishers

E waste

BYOT/BYOD /work from home

Commonly used server

Router/modem/switch/gateway

White box/black box testing

Alpha/beta testing

ISO certification standard specification

COBIT

STEGANOGRAPHY/RANSOMWARE/CYBER TERRORISM/SOCIAL ENGG

DOS/DDOS

CAPTCHA

MALWARE/SPYWARE/ADWARE/ROOTKIT/BOTNETS

FASTFLUX/STUXNET

HOTSITE/WARMSITE/COLDSITE

IS AUDIT QUALIFICATIONS

GUIDELINES FOR FRAUD PREVENTION

FSDC

Sunday, 29 September 2019

IT security recollected on 27.09.2019


Some of the recalled questions/topics are as following...

2-3 questions on Escrow
Security governance
CERT-In
Major change from IT Act to IT Amendment Act
BC DRP steps
2 questions on firewall
RTO
RPO
CISO reports to whom
Who are responsible for IT security
Maker checker difference
Spyware
VoIP
Black/white box testing
Salami attack
ISMS
PDC and DRC
2 questions on fault tolerant systems
Disadvantage of check list audit
2-4 questions on physical security
ITAM 2 questions
What can't be disclosed under RTI Act 2005
Schema
Modem
Green server
Telnet uses which port
2-3 questions on security standards
E wastes
2-3 questions related to software development
COBIT
Threat vector
DoS
SQL
Cross site scripting
Steganography
Cryptography
Beta testing
Multiplexers
CAPTCHA
Dual core processor

Tuesday, 27 August 2019

Re collected question IT SECURITY 25/08/2019


Salami technique
Trapdoors
Bit glass
Threat, vulnerability & threat vector
3 basic principles of information
Natting
Bank role in environmental security
Difference between cryptography & ..
Unit test & white box test
Azure cloud belongs to which company - Microsoft
COBIT
Clouds
CISO reporting
CISO responsibility
Root kit
Backup in banks
RBI role other than as a regulator
Multiplexer
Switch
ATM jackpotting
Perimeter access
Use of library in software
Excluded  Events in RTI ACT
Vsat
VoIP eavesdropping
Checker maker in banks
Scavenger
Port no 23
SOX
27001&27002
Middle man attack
DMZ
SINGLE POINT OF FAILURE
SQL
RTO & RPO
Hot warm cold site
PGP
Mac & IP address
Digital forensics
Escrow arrangements
Blade server
Load balancing
RFID & bar coding
Metal detectors
IPS & ids
More questions on physical movements of hardware

These are the topics from which questions were asked. For 1 & 2 mark questions, options are quite confusing and need a double thought before answering.

Cleared IT SECURITY with 57 marks. It's the 5th certification in a row: AML KYC, BCSBI, MSME, Prevention of cybercrime.
Next trying for CAIIB

Thanks, Srinivas sir.

Sunday, 18 August 2019

Recollected Questions 21.07.2019 IT security recollected on 21.07.2019



ROBO backup
Skimmer and shimmer
RFID and Barcode shortcomings
ISO 27001
After Jillani committee 1996
What IT act took place
Downstream liability
Routers
A/B testing
VoiP eavesdropping
User level controls
PCI DSS
HIPAA
Defence in Depth
Green servers
Blade servers
E -wastes
Scavenging
ATM jitter
Mobile banking

TCP IP
VLAN
Cryptography
Steganography
IDS DNS
CLOUD computing
Threats
Vulnerability
SQL Injection
Cyber terrorism
Viruses worms
Malware
Stuxnet
Fault tolerance

Business continuity and Disaster recovery

Saturday, 25 May 2019

IT security recollected questions on 25.05.2019

It security recollected questions 25/05/19 shared by member
 OECD 1992
PILLARS OF IS
ISP/NSP INTERMEDIARIES SEC 79 PROTECTION
ITA 2000 PROVIDES LEGAL RECOGNITION TO ELEC.RECORDS
CISO TO REPORT TO HIRM
PGP IN EMAIL
DOWNSTREAM LIABILITY
SALAMI TECHNIQUE
TROJAN HORSE
SPLIT TESTING
CLOUD COMPUTING
DIGITAL INDIA INITIATIVE
PERIMETER SECURITY
IPS BIOMETRIC
IDS CCTV
GREEN SERVER
SCAVENGING
BLADE SERVER
IP ADDRESS N MAC ADDRESS
VSAT
LOAD BALANCING SERVER
ROUTER
SWITCHES
ISO 14000, 27000 SERIES
ISO/IEC 12207
ISO 90003:2004
COBIT VERSION
SOX 2002
PCI/DSS
RFID/BAR CODE
PSEUDO CODE
PPI
OSI MODEL LAYERS
TCP/IP MODEL LAYERS
NAT
TUNNELLING
IP SEC
FTP PORT NO
DNS ATTACK
FIREWALLS
66D SOCIAL ENGG
DOS ATTACK
APT
STUXNET
VIRUS/WORM
SLA
POLYMORPHIC THREAT
RTO N RPO
CLOUD BACKUP
ROBO BACKUP
PDC N SDC
BCDRP
HOT SITE
SPF
RESIDUAL RISK
AUDIT AROUND/THROUGH COMPUTER

Sunday, 20 January 2019

IT security recollected questions on 20.01.2019

IT SECURITY-Recollected Q(20/01/2019)

1-Trapdoor

2-Botnet

3-access privilege

4-logical security
5-audit trail
6-rfid
7-issm
8-nsp and isp are generally called?
9-sniffer
10-one qus from RTI
11-whitebox testing
12-beta testing
13-ciso
14-threat/vulnerability
15-BIA
16-Risk=probability*damage potential
17-ISMS
18-Risk control
19-ISO270001
20-IT governance how related to security governance
21-KRA
22-GPRS
23-Trojan horse
24-schema
25-CCTV which type control
26-best way to protect atm fraud
27-e-waste
28-what type of fire extinguisher is used in computer and electrical equip..
29-bar code
30-why matrix code used over bar code
31-intrusion prevention
32-one question related to security perimeter
33-BIG Data
34-BYOD which type risk
35-HP open view software
36-load balancing
37-intelligent device used in network-Router
38-switch-forwards mac add
39-mpls
40-vsat
41-air gaps
42-off the shelf software
43-adware
44-one question (arrange testing) unit/UAT/beta..
45-salami technique
46-a major threat that faces telecom industry-eaves dropping
47-CDR
48-one ques from bpo
49-SDLC
50-ISO/IEC 90003:2004 (2 ques)
51-PDCA
52-SOX
53-PCI DSS
54-SAS 70
55-ATM related (small cameras are placed which have capability of transmission)
56-how RFID (RJ45 with visible external cabling)
57-defense in depth (2 question)
58-what to do to receive govt green certificate like this..
59-tunneling
60-one ques from sensor base lighting ( light on only when movement)
61-one ques related to RDBMS
62-CVV
63-why rupay by npci( to compete with visa and mastercard)
64-audit control
65-tcp ip layers
66-NAT
67-smtp
68-dmz
69-unified threat management
70-SIEM
71-VOIP
72-IP SEC
73-COTS
74-IaaS
75-pay per click
76-buffer overflow
77-stuxnet
78-one ques related to cyber terrorism
79-spyware
80-one ques related to rootkit
81-one ques related to high availability
82-latency
83-recovery block
84-dual core
85-2 ques related to rpo/rto
86-edp
87-checklist based audit, what's the demerit?
88-comparison (audit through computer/audit with computer)
89-insurance-IRDA
90-FSDC
91-UCC/2007
92-CDR
93-pension fund regulatory managed by?
94-digital signature replaced by?

IT security  exam was of moderate level.

The questions were asked from.

OSI model, IP spoofing, IS audit methodologies, threat management, Software security control, Business continuity plan, Salami technique, access privilege and some case studies questions from various topics.

Thank you!

Saturday, 6 October 2018

IT related bits

1) If a computer is used to store confidential or sensitive information, in order to ensure that it cannot be accessed, which of the following shall be made use of
a) closed circuit TV b) encryption c) buried line sensors d) locking and guarding e) None of the above
2) A computer can not boot if it does not have the :
a)compiler b) loader c) operating system d) assembler e) None of the above
3) Transfer of fund by computers without banks intervention can be done by
a) fax b) telephone c) camera d) IMB e) None of the above
4) The device that connect different types of networks is called :
a) b) hub c) bridge d) router e) None of the above
5) The processing machine that process the cheques of high speed in the clearing house is called
a) processor b) router cum shorter c) encoder d) all the above e) None of the above
6) The signature of the customer can be captured by
a) keyboard b) mouse c) scanner d) all of the above e) None of the above
7) The basic unit of a mark sheet into which you enter data in enclosed sheet is called
a) tab b) cell c) box d) range e) None of the above
8) Batch reports are: a) adhoc report b) EOD/BOD report c) available under business objective d) generated by FRS data base e) None
9) First page of website in terminal : a) home page b) index c) java script d) bookmark e) None of the above

11) sending an e mail is equal to
a)picturing an event b) narrating a story c) writing a letter d) creating a drawing e) None of the above
12) The term VPN stands for
a)virtual private network b) vocational planning network c) voice program network d) voluntary program network e) None of the above
13) To move the cursor to the end of the document line
a)ctrl+end b) alt+ctrl+end c) page down d) ctrl+alt e) none of the above
14) The resolution of the computer screen is determine by which of the following
a)colour b) memory c) pixels d) processing speed e) none of the above
15) Which of the following refer to a small single line network
a)LAN b) DSL c) RAM d) USB e) None of the above
16) The fraud and other type of crimes that happen on the internet network are called
a)internet fraud b) internet crimes c) cyber crimes d) electronic fraud e) None of the above
17) Which of the following term describe computer program better
a)hardware instruction b) input devices c) output devices d) central processing unit e) None of the above
18) Which of the following activities are carried through electronic means it is called
a)e-banking b) e-business in banking c) internet banking d) all the above e) None of these
19) A small line which flashes on the computer screen
a)cursor b) mouse c) cell d) all the above e) None of the above
20) computer use the ------number system to store the data and perform calculations
a)binary b) octal c) decimal d) hexadecimal e) None of the above
21) IFSC code is
a)11 digit alpha numeric code b) 10 digit alpha numeric c) 1 digit numeric d) 11 digit alpha code e) None
22) cannet is an example of
a)internet b) intranet c) both d) internal software e) None of the above
23) Which of the following makes use of the artificial intelligence
a) user of the computer b) computer c) operating system d) application system e) all of the above
24) The name of UPI app in our bank is called
a)canmobile b) canara swipe c) e- infobook d) empower e) None of the above
25) The computer that co ordinate all computer activities into a network is known as
a)server b) UPS c) modulator d) LAN e) None of the above
26) Which of the following is not a storage device
a)tape drive b) floppy disc drive c) hard disc drive d) printer driver e) None of the above
27) Servers of computers that provides resources to other computers connected to a
a)network b) mainframe c) supercomputer d) client e) None of the above
28) ASBA means - a)application supported by block account b) application supported by block amount c) application supported by block arrangement d) application supported by block demat a/c e) None of the above
29) Collecting personal information and effectively being another individual is known as the crime of
a)spooling b) identity theft c) spoofing d) hacking e) None of the above
30) Saving bank a/c is transferred from one cbs branch to another cbs branch. The a/c no is
a)does not change b) changes c) can not transferred a/c in cbs d) new branch dp code is added e) None
31) In page preview mode :
a)you can see all pages of document b) you can see the page you are currently working c) you can see only that page do not contain document d) you can only see the title page of your document e) None of the above
32) Ram stands for -
a)random access memory b) ready application module c) read access memory d) remote access memory e) None
33) A printing device that creates an image directly on paper by spraying ink and has substantial recurring cost is known as - a) plotter b) desk jet printer c) inkjet printer d) dot matrix printer e) None of the above
34) --------is data that has been organized or presented in meaningful fashion
a)process b)software c)storage d)information e) None of the above
35) The term cyber law stands for which of the following
a)the law governing cyber cafe establishment only b) the law governing computer activity c) the law relating to various information technology d) any of the above e) None of the above
36) Which of the following package was first introduced in our bank - a) ibbs b)banks 2000 c)alpm d) cbs e) none
37) which of the following services are available in the atms
a) balance enquiry b)mobile top-up c)opening of term deposit a/c d)a & b e) a to c
38) which of the following can be used to select the entire document
a)cntrl +a b) alt+s c)shift+a d)cntrl+k e)cntrl+h
39) coded entities which are used to access to a computer system are called
a)entry code b)password c)security commands d)code words e)none of these
40) ________ is the appearance of typed characters - a)size b)format c)point d)colour e)none of these
41) Ideally a customer must have one _______ across the bank
a)account id b)customer id c) cbs id d)place id e) all of above
42) the term led stands for
a) light electronic device b) light electrical device c) light emitting device d)local electronic device e)none of above
43) junk email is also called - a)spam b)spoof c)sniffer script d) spool e) none of these
44) modem is connected to - a) a telephone line b) a keyboard c) a printer d) mouse e) scanner
45) date and time are available on the desktop at - a) keyboard b) recycle bin c) my computer d) task bar e) none
46) information technology has resulted in - a) improved efficiency b) innovative products c)effective delivery system d) enhanced productivity e)all of the above
47)the signature of customer can be captured by - a) keyboard b)scanner c) mouse d)all of the above e) none
48) to insert a word into the middle of a sentence
a) move the cursor to the desired location in the sentence and type the new word
b) move the cursor to the desired location in the sentence press enter key and type the new word
c) move the cursor to the beginning of the sentence and start typing
d) retype the whole sentence e)none of these
49) whenever networks are not possible ,our bank has gone for satellite connections otherwise called as
a) winsat b) vsat c) sat d) vat e) tat
50) Unwanted repetitious messages, such as unsolicited bulk email, are called
a) spam b) trash c) Calibri d) courier e) none of these
ANSWER
1 B 2 C 3 D 4 D 5 E 6 C 7 B 8 B 9 A
11 C 12 A 13 A 14 C 15 A 16 C 17 D 18 D 19 A 20 A
21 A 22 B 23 E 24 A 25 D 26 D 27 A 28 A 29 D 30 A
31 A 32 A 33 A 34 D 35 C 36 C 37 D 38 B 39 B 40 B
41 B 42 C 43 A 44 A 45 D 46 E 47 B 48 B 49 B 50 A

Sunday, 12 August 2018

All IIBF Certifications PDFs in single link


Read corresponding  IIBF book 1st Macmillan / Taxmann.

These all materials are extra information to get knowledge.

All the best

Certified credit officer/Professionals
https://drive.google.com/file/d/1FplMEaDGqO901bQESuIMfmS0spej2p5B/view?usp=sharing

KYC AML
https://drive.google.com/file/d/1NhyU5b-q7SomdRD_kuyxwhO0lSVvlp8v/view?usp=sharing

MSME
https://drive.google.com/file/d/1pozMYe4F0moF-5dyAzhB_0BcaPIsqZYr/view?usp=sharing

BCSBI
https://drive.google.com/file/d/1vk4exeJW2PQM93gwDNsnvNGWj2uh7JMC/view?usp=sharing

Digital Banking
https://drive.google.com/file/d/1M5jr0a84pgqilJgJsBiZZe6FJBwDsuqi/view?usp=sharing

Foreign exchange Individual
https://drive.google.com/file/d/1jDQsTKSl54UrXC0gvBhiGv5V1tduk5Zj/view?usp=sharing

International Trade Finance
https://drive.google.com/file/d/1vYgdwbTVazkjv_2U7ppfAL2yfmsG295l/view?usp=sharing

Information system banker
https://drive.google.com/file/d/1yySCTA2aFwdeNDgTny9XlIB0x7IIG3SD/view?usp=sharing

IT security
https://drive.google.com/file/d/1XNLaHz4QNLCvHIH_MMuYjNqo7Cw7q2EY/view?usp=sharing

Prevention of cyber crime & fraud exam
https://drive.google.com/file/d/1GArx9JZAWOHH-fK8WvuEZSgqxjZgl_jG/view?usp=sharing

Certified Treasury Professionals
https://drive.google.com/file/d/1ZzUVI4CttHW_yNRO1DG4KSf9IAhZiCIm/view?usp=sharing

RISK in financial services
https://drive.google.com/file/d/134OS-POYOZaBLeEjFWLlAbhbFGKPWoPM/view?usp=sharing

Microfinance
https://drive.google.com/file/d/1bm27bcMA_NFUgdxbIJCJOlHLFinNA_rF/view?usp=sharing

CAIIB ABM 300 Case studies

https://drive.google.com/file/d/12voUk6-ubSI2PH0hKX6_trTf6T7wwdh2/view?usp=sharing

CAIIB  Elective IT pdf
https://drive.google.com/file/d/1x4RoW7L2Ub2VOFiAMVjjW7wV0aEtz6Gj/view?usp=sharing

FOREX OPERATIONS PDF

https://drive.google.com/file/d/19Qi4HjcLbca1X3P9ad_x3wESF1OOiqi7/view?usp=sharing

Certified Accounts and Audit pdf

https://drive.google.com/file/d/15hLGNIICS4p8IKUEsjAEPfmZJ-cm9lvO/view?usp=sharing

https://drive.google.com/file/d/1zoloZKNR2-UsBGIf0gw1ErhD0F2Y9mHW/view?usp=sharing





Sunday, 15 July 2018

Today IT security recollected questions

IT Security recollected questions 15-07-18

Non repudiation, access privilege, 2FA, CISO, corporate IT security, DRM, threat, vulnerabilities, risk appetite, security governance, RFID, IPS, IDS, bar coding, metal detectors, fire extinguishers, testing methodologies 2-3 questions, cloud computing 2-3 questions, CDR, ISO 27001, COBIT, ETSI TC CYBER, SOX, SAS 70, defense in depth, green server, refurbishment, dumpster diving, social engineering, database schema, ATM security, jackpotting, escrow arrangement 2 questions, SPF, VLANs, MPLS, FTP, firewalls, SIEM, software models, big data, buffer overflow, Stuxnet, botnet, fast flux, rootkit, SAN, DR site, Indian financial system, powers of RBI

Most of the questions were of the type (what is not), (which is wrong)



IT security recollected questions

IT act defines data as

Information is classified based on criticality, confidentiality, availability and purpose

Information security is protection of information assets

Non repudiation definition

Which of the following is not a perimeter security method

IT security is responsibility of All employees in an organisation

CISO will not report to CIO

Access privilege: clerical staff cannot make loan disbursement

What is pretty good privacy

Digital right management involves copy right and antipiracy technology

Difference between threat and vulnerability

Definitions of threat vulnerability impact and risk

Crime is not because of need, opportunity and rationalization. One wrong option

2 questions on metal detectors

Which of the following is not an intrusion detection systems - biometric tools

Social engineering is done by

SQL injection definition

Buffer overflow definition

First digital weapon used in PLC - stuxnet

Which of the following is not true regarding cyber terrorism

Malware that targets industrial and software equipment - stuxnet

Fast flux definition

Rootkit related question

What do you understand by the term hijacker

What is the concern faced by security managers in BYOD technology

Case study type question on single point failure

Features of fault tolerant system-2 questions

One of the following is not a requisite for fault tolerance

One of the following is not true regarding high availability-latency, raid,

Questions on white box testing and black box testing

Software fault tolerance methods include recovery blocks, n programming, acceptance tests

Recovery time objective., recovery point objective

Robo backup

DR site location in seismic zone

Hot site, warm site

Secondary site located in same city as primary data centre

Auditing around the computer, auditing through the computer, auditing with computer

COBIT is not a security standard

Latest version of COBIT is COBIT 5

Audit risk definition

RBI, SEBI, TRAI and IRDA regulate (match the following)

One of the following is not the role of RBI

Call data record includes

One of the following is not included in IT act

Version control

Escrow arrangement

Cloud computing and big data

COBIT VERY important for IT

COBIT (Control Objectives for Information and Related Technologies) is a good-practice framework created by the international professional association ISACA for information technology (IT) management and IT governance. COBIT provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers."
ISACA first released COBIT in 1996, originally as a set of control objectives to help the financial audit community better maneuver in IT-related environments. Seeing value in expanding the framework beyond just the auditing realm, ISACA released a broader version 2 in 1998 and expanded it even further by adding management guidelines in 2000's version 3. The development of both the AS 8015: Australian Standard for Corporate Governance of Information and Communication Technology in January 2005 and the more international draft standard ISO/IEC DIS 29382 (which soon after became ISO/IEC 38500) in January 2007

Wednesday, 11 July 2018

IT SECURITY

SOFTWARE ATTACKS by
Virus
A virus is a type of malicious software (malware) comprised of small pieces of code attached to legitimate programs. When that program runs, the virus runs.
Viruses are malicious programs that spread throughout computer files without user knowledge. Most widespread virus infections spread through email message attachments that activate when opened. The vicious cycle of a virus perpetuates as infected emails are forwarded to multiple users. Viruses also spread through shared media, such as Universal Serial Bus (USB) drives.

Initially created as pranks, viruses are responsible for widespread and significant computer system and file destruction. Installing anti-virus software helps prevent, block or remove previously installed viruses.
Worm
A worm is a type of malicious software (malware) that replicates while moving across computers, leaving copies of itself in the memory of each computer in its path.
A worm locates a computer’s vulnerability and spreads within its connected network like an infection, while continually seeking new vulnerabilities. Like viruses, worms often originate from e-mail attachments that appear to be from trusted senders. Worms then spread to a user’s contacts via his e-mail account and address book.
Some worms spread and then do nothing while others cause harm. In such cases, the worm’s code is known as payload.


 Malicious Software (Malware)
Malicious software, commonly known as malware, is any software that brings harm to a computer system. Malware can be in the form of worms, viruses, trojans, spyware, adware and rootkits, etc., which steal protected data, delete documents or add software not approved by a user.

Security standards and best practices

The Standard of Good Practice for Information Security, published by the Information Security Forum (ISF), is a business-focused, practical and comprehensive guide to identifying and managing information security risks in organizations and their supply chains.
The most recent edition is 2016, an update of the 2014 edition.
The 2011 Standard is the most significant update of the standard for four years. It includes information security 'hot topics' such as consumer devices, critical infrastructure, cybercrime attacks, office equipment, spreadsheets and databases and cloud computing.
The 2011 Standard is aligned with the requirements for an Information Security Management System (ISMS) set out in ISO/IEC 27000-series standards, and provides wider and deeper coverage of ISO/IEC 27002 control topics, as well as cloud computing, information leakage, consumer devices and security governance.
In addition to providing a tool to enable ISO 27001 certification, the 2011 Standard provides full coverage of COBIT v4 topics, and offers substantial alignment with other relevant standards and legislation such as PCI DSS and the Sarbanes Oxley Act, to enable compliance with these standards too.
The Standard is used by Chief Information Security Officers (CISOs), information security managers, business managers, IT managers, internal and external auditors, and IT service providers in organizations of all sizes.
The 2011 Standard is available free of charge to members of the ISF. Non-members are able to purchase a copy of the standard directly from the ISF.

IT Governance Standards and Best Practices
ISO/IEC 27000 family of Information Security Management Systems - This document provides an overview of ISO/IEC 27000 family of Information Security Management Systems which consists of inter-related standards and guidelines, already published or under development, and contains a number of significant structural components.
ISO 27001 - This document provides the ISO standards of the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
ISO 27002 - This document introduces the code of practice for information security controls.
British Standard 7799 Part 3 - This set of guidelines is published by BSI Group for the information security risk management.
COBIT - The Control Objectives for Information and related Technology (COBIT) is published by the Standards Board of Information Systems Audit and Control Association (ISACA) providing a control framework for the governance and management of enterprise IT.

IT SECURITY Software testing

Software testing can be conducted as soon as executable software (even if partially complete) exists. The overall approach to software development often determines when and how testing is conducted. For example, in a phased process, most testing occurs after system requirements have been defined and then implemented in testable programs. In contrast, under an agile approach, requirements, programming, and testing are often done concurrently.


The box approach
Software testing methods are traditionally divided into white- and black-box testing. These two approaches are used to describe the point of view that the tester takes when designing test cases.

White-box testing

White-box testing (also known as clear box testing, glass box testing, transparent box testing and structural testing) tests the internal structures or workings of a program, with the source code visible to the tester, as opposed to the functionality exposed to the end-user. In white-box testing, an internal perspective of the system, as well as programming skills, is used to design test cases. The tester chooses inputs to exercise paths through the code and determines the appropriate outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT).
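The path-selection idea above, as an added example that is not part of the original notes: a constructed PIN check with five paths, a black-box suite written from its stated outcomes, and a white-box suite that adds the one input needed to reach the remaining path. The function check_pin, the helper missed_statements and both test suites are hypothetical names invented for this illustration.

```python
import inspect
import sys

def check_pin(entered, stored, failed_attempts, max_attempts=3):
    # Constructed toy function: five paths, labelled A-E.
    if failed_attempts >= max_attempts:
        return "locked"      # A: already locked out
    if not (entered.isdigit() and len(entered) == 4):
        return "rejected"    # B: malformed input
    if entered == stored:
        return "ok"          # C: correct PIN
    if failed_attempts + 1 >= max_attempts:
        return "locked"      # D: this failure triggers the lockout
    return "retry"           # E: wrong PIN, attempts remain

def missed_statements(func, cases):
    """Run func over cases; return the if/return lines that never executed."""
    code = func.__code__
    hit = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                      # ignore every other function
        if event == "line":
            hit.add(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in cases:
            func(*args)
    finally:
        sys.settrace(previous)
    source = inspect.getsource(func).splitlines()
    return [line.split("#")[0].strip() for i, line in enumerate(source)
            if line.strip().startswith(("if ", "return ")) and i not in hit]

# Black-box suite: one case per outcome named in the (constructed) specification.
BLACK_BOX = [("1234", "1234", 0), ("0000", "1234", 0),
             ("12a4", "1234", 0), ("1234", "1234", 3)]
# White-box suite: the same cases plus the input that reaches path D.
WHITE_BOX = BLACK_BOX + [("0000", "1234", 2)]

if __name__ == "__main__":
    print("black-box misses:", missed_statements(check_pin, BLACK_BOX))
    print("white-box misses:", missed_statements(check_pin, WHITE_BOX))
```

The black-box suite produces every outcome the specification names yet never runs the statement that locks the account on the final failed attempt; reading the code is what reveals the input that exercises it.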

PHYSICAL AND ENVIRONMENTAL SECURITY IT SECURITY EXAM

PHYSICAL AND ENVIRONMENTAL SECURITY



It is generally accepted that, when it comes to protecting information resources from a physical perspective (i.e. where we are protecting tangible assets that one can touch, kick, steal, drop, etc.), the name of the game has to be about convincing a perpetrator that the cost, time and risk of discovery involved in attempting unauthorised access to information or equipment exceeds the value of the gains thus made.



Physical security is not a modern phenomenon - it exists to deter or prevent unauthorised persons from entering a physical facility or stealing something of perceived value. The safety of personnel should not be overlooked in this respect.



Little has changed over the centuries when it comes to protecting property, with locked doors/chests, armed security guards, booby-traps, etc.


Corporate IT Security Policy

Significant technological advances have changed the way we do business. That is, the internet, email, and text messages have virtually replaced faxes, letters and telexes in the corporate world. The internet is used to obtain information and efficiently communicate with clients, business associates, and partners. While internet usage comes with numerous advantages such as the speed of communication and an increase in the bottom line, it also contains several drawbacks that can seriously hinder business productivity and growth. For example, personnel can use the internet as a distraction to peruse their Facebook, Twitter, and Instagram accounts, shop on Amazon or eBay, check the latest sports statistics, exchange personal emails with colleagues, friends, and so on. These activities not only heighten the risk of incoming malware, but also lower employee productivity and revenue. Therefore, devising a corporate IT security policy will help to mitigate the negative consequences associated with internet use – and email specifically.

The “nuts and bolts” of an IT security policy