Various Concepts Used In ISRM

<div dir="ltr" style="text-align: left;" trbidi="on"> <!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:TrackMoves/> <w:TrackFormatting/> <w:PunctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:DoNotPromoteQF/> <w:LidThemeOther>EN-US</w:LidThemeOther> <w:LidThemeAsian>X-NONE</w:LidThemeAsian> <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <w:DontGrowAutofit/> <w:SplitPgBreakAndParaMark/> <w:DontVertAlignCellWithSp/> <w:DontBreakConstrainedForcedTables/> <w:DontVertAlignInTxbx/> <w:Word11KerningPairs/> <w:CachedColBalance/> </w:Compatibility> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> <m:mathPr> <m:mathFont m:val="Cambria Math"/> <m:brkBin m:val="before"/> <m:brkBinSub m:val="--"/> <m:smallFrac m:val="off"/> <m:dispDef/> <m:lMargin m:val="0"/> <m:rMargin m:val="0"/> <m:defJc m:val="centerGroup"/> <m:wrapIndent m:val="1440"/> <m:intLim m:val="subSup"/> <m:naryLim m:val="undOvr"/> </m:mathPr></w:WordDocument> </xml><![endif]--> <br /> <div class="MsoNormal" style="line-height: normal; text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 14.0pt;">Q1. What Is DOS ?</span></b></div> <div class="MsoNormal" style="line-height: normal; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-bidi-font-weight: bold; mso-fareast-font-family: "Times New Roman"; mso-font-kerning: 18.0pt;">DoS attack - Denial of Service attack is </span><span style="font-family: "Times New Roman","serif"; font-size: 12.0pt;">a type of attack on a <a href="http://www.webopedia.com/TERM/N/network.html"><span style="color: windowtext; text-decoration: none; text-underline: none;">network</span></a> that is designed to bring the network to its knees by flooding it with useless <a href="http://www.webopedia.com/TERM/T/traffic.html"><span style="color: windowtext; text-decoration: none; text-underline: none;">traffic</span></a>. Many DoS attacks, such as the <i>Ping of Death</i> and <i>Teardrop</i> attacks, exploit limitations in the <a href="http://www.webopedia.com/TERM/T/TCP_IP.html"><span style="color: windowtext; text-decoration: none; text-underline: none;">TCP/IP</span></a> protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like <a href="http://www.webopedia.com/TERM/V/virus.html"><span style="color: windowtext; text-decoration: none; text-underline: none;">viruses</span></a>, new DoS attacks are constantly being dreamed up by <a href="http://www.webopedia.com/TERM/H/hacker.html"><span style="color: windowtext; text-decoration: none; text-underline: none;">hackers</span></a>.</span></div> <div class="MsoNormal" style="line-height: normal; text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfSBlDjMx8c3NtIuX859kNDUxtQx7-OAEe0vSSeU703awM7oYb_ZqkyoMkbrv3si8LD3y8ebsOGTgLT2ZLz8BPFMvvlgbxb1nbIz7qqihVrrYak5s61VEU_KVb5mC_DtMll02Rnn6QJfV-/s1600/isrm@allicient.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="255" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfSBlDjMx8c3NtIuX859kNDUxtQx7-OAEe0vSSeU703awM7oYb_ZqkyoMkbrv3si8LD3y8ebsOGTgLT2ZLz8BPFMvvlgbxb1nbIz7qqihVrrYak5s61VEU_KVb5mC_DtMll02Rnn6QJfV-/s1600/isrm@allicient.png" width="320" /></a></div> </div> <div class="MsoNormal" style="line-height: normal; text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 14.0pt;">Q2. What Is Non Repudiation In Network Security ?</span></b></div> <div class="MsoNormal" style="line-height: normal; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt;">Non-repudiation is the ability to prove that an operation or event has taken place, so that this cannot be repudiated later. For e-mails, for example, non-repudiation is used to guarantee that the recipient cannot deny receiving the message, and that the sender cannot deny sending it. Non-repudiation (NR) is one of the security services (or dimensions as defined in the document X.805 by the ITU) for point to point communications. Secure communications need to integrate a service in charge of generating digital evidence (rather than simply information logs) in order to resolve disputes arisen in case of network errors or entities' misbehaviour when digital information is exchanged between both points.</span></div> <div class="MsoNormal" style="line-height: normal; text-align: justify;"> <br /></div> <div class="MsoNormal" style="line-height: normal; text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 14.0pt;">Q3. what is privacy and security on the internet ?</span></b></div> <b>Data Security</b><br /> <div style="text-align: justify;"> Data security is commonly referred to as the confidentiality, availability, and integrity of data. In other words, it is all of the practices and processes that are in place to ensure data isn't being used or accessed by unauthorized individuals or parties. Data security ensures that the data is accurate and reliable and is available when those with authorized access need it. <a href="http://business.ftc.gov/privacy-and-security/data-security"><span style="color: windowtext; text-decoration: none; text-underline: none;">A data security plan</span></a> includes facets such as collecting only the required information, keeping it safe, and destroying any information that is no longer needed. These steps will help any business meet the legal obligations of possessing sensitive data. </div> <b style="mso-bidi-font-weight: normal;"> <span style="mso-bidi-font-weight: bold;">Data Privacy</span></b><br /> <div style="text-align: justify;"> Data privacy is suitably defined as the appropriate use of data. When companies and merchants use data or information that is provided or entrusted to them, the data should be used according to the agreed purposes. The Federal Trade Commission enforces penalties against <a href="http://www.ftc.gov/opa/2006/01/choicepoint.shtm"><span style="color: windowtext; text-decoration: none; text-underline: none;">companies that have negated to ensure the privacy of a customer's data</span></a>. In some cases, companies have sold, disclosed, or rented volumes of the consumer information that was entrusted to them to other parties without getting prior approval. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt;">Q4. What is DMZ why it is used .</span></b></div> <div style="text-align: justify;"> In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data. (The term comes from the geographic buffer zone that was set up between North Korea and South Korea following the UN "police action" in the early 1950s.) A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt;">Q5. For what application RSA is recommended ?</span></b></div> <div style="text-align: justify;"> The RSA algorithm is used worldwide to secure Internet, banking and credit card transactions. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt;">Q6. What is the use of digital signature standard ?</span></b></div> <div style="text-align: justify;"> Digital Signature Standard (DSS) is the <a href="http://searchsecurity.techtarget.com/definition/digital-signature"><span style="color: windowtext; text-decoration: none; text-underline: none;">digital signature</span></a> <a href="http://whatis.techtarget.com/definition/algorithm"><span style="color: windowtext; text-decoration: none; text-underline: none;">algorithm</span></a> (DSA) developed by the U.S. National Security Agency (<a href="http://searchsecurity.techtarget.com/definition/National-Security-Agency"><span style="color: windowtext; text-decoration: none; text-underline: none;">NSA</span></a>) to generate a digital signature for the <a href="http://searchsecurity.techtarget.com/definition/authentication"><span style="color: windowtext; text-decoration: none; text-underline: none;">authentication</span></a> of electronic documents. DSA is a pair of large numbers that are computed according to the specified algorithm within parameters that enable the authentication of the signatory, and as a consequence, the <a href="http://searchdatacenter.techtarget.com/definition/integrity"><span style="color: windowtext; text-decoration: none; text-underline: none;">integrity</span></a> of the data attached. Digital signatures are generated through DSA, as well as verified. Signatures are generated in conjunction with the use of a <a href="http://searchsecurity.techtarget.com/definition/private-key"><span style="color: windowtext; text-decoration: none; text-underline: none;">private key</span></a>; verification takes place in reference to a corresponding <a href="http://searchsecurity.techtarget.com/definition/public-key"><span style="color: windowtext; text-decoration: none; text-underline: none;">public key</span></a>. Each signatory has their own paired public (assumed to be known to the general public) and private (known only to the user) keys. Because a signature can only be generated by an authorized person using their private key, the corresponding public key can be used by anyone to verify the signature.</div> <div style="text-align: justify;"> <br /></div> <div class="MsoNormal" style="line-height: normal; text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 14.0pt;">Q7. What Is The Need Of Security Assessment?</span></b></div> <div class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">There are many benefits to doing periodic assessments beyond simply complying with government regulations. Undertaking regular assessments can help you to:</span></div> <ul type="disc"> <li class="MsoNormal" style="line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Find out whether your security has already been compromised. You might not know unless you look, and you will sleep better at night if you know.</span></li> <li class="MsoNormal" style="line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Stay on top of the latest security threats — with new attacks coming on the scene every day, you could become vulnerable even if nothing has changed since your last assessment!</span></li> <li class="MsoNormal" style="line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Make sure that your staff is being vigilant by maintaining a focus on IT security.</span></li> <li class="MsoNormal" style="line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Increase awareness and understanding of security issues throughout your company.</span></li> <li class="MsoNormal" style="line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Make smart security investments by prioritizing and focusing on the high-importance, high-payoff items.</span></li> <li class="MsoNormal" style="line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Demonstrate to your customers that security is important to you — this shows them that you care about them and their data.</span></li> </ul> <div class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"> <br /></div> <div class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"> <b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 14.0pt; mso-fareast-font-family: "Times New Roman";">Q8.What Is The Difference Between Qualitative And Quantitative Risk Management ?</span></b></div> <div class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"> <br /></div> <table border="1" cellpadding="0" class="MsoNormalTable" style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .75pt solid windowtext; mso-border-insidev: .75pt solid windowtext; mso-cellspacing: 1.5pt; mso-yfti-tbllook: 1184; width: 652px;"> <thead> <tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;"> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;"> <br /></div> <div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;"> <b><span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Perform Qualitative Risk Analysis</span></b></div> </td> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt; width: 257.15pt;" width="343"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;"> <br /></div> <div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;"> <b><span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Perform Quantitative Risk Analysis</span></b></div> </td> </tr> </thead> <tbody> <tr style="mso-yfti-irow: 1;"> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Perform Qualitative Risk Analysis Process consider all the risks identified in the identify risk process.</span></div> </td> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt; width: 257.15pt;" width="343"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Perform Quantitative Risk Analysis process only considers the risks which are marked for further analysis in the Perform Qualitative Risk Analysis Process. These are the risks which have high impact on the project objectives.</span></div> </td> </tr> <tr style="mso-yfti-irow: 2;"> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Perform Qualitative Risk Analysis Process does not analyze the risks mathematically to identify the probability and distribution rather stakeholders inputs (expert judgment) are used to judge the probability and impact.</span></div> </td> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt; width: 257.15pt;" width="343"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Perform Quantitative Risk Analysis uses the probability distributions to characterize the risk’s probability and impact, it also use project model (e.g. Schedule, cost estimate), mathematical and simulation tools to calculate the probability and impact.</span></div> </td> </tr> <tr style="mso-yfti-irow: 3;"> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">In this, we assess individual risks by assigning numeric ranking of probability and impact, usually the rank of 0 to 1 is used where 1 demonstrates high.</span></div> </td> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt; width: 257.15pt;" width="343"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">This predicts likely project outcomes in terms of money or time based on combined effects of risks, it estimates the likelihood of meeting targets and contingency needed to achieve desired level of comfort.</span></div> </td> </tr> <tr style="mso-yfti-irow: 4; mso-yfti-lastrow: yes;"> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Perform Qualitative Risk Analysis process is usually applied in most of the projects.</span></div> </td> <td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .75pt; padding: .75pt .75pt .75pt .75pt; width: 257.15pt;" width="343"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">Perform Quantitative Risk Analysis Process may not be applied to many simple or moderately complex projects. We may not find its use in software projects.</span></div> </td> </tr> </tbody></table> <div class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"> <br /></div> <div class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"> <b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 14.0pt; mso-fareast-font-family: "Times New Roman";">Q 9. What do you understand by VPN ?</span></b></div> A <span style="mso-bidi-font-weight: bold;">virtual private network</span> (<span style="mso-bidi-font-weight: bold;">VPN</span>) extends a <a href="http://en.wikipedia.org/wiki/Private_network" title="Private network"><span style="color: windowtext; text-decoration: none; text-underline: none;">private network</span></a> across a <a href="http://en.wikipedia.org/wiki/Public" title="Public"><span style="color: windowtext; text-decoration: none; text-underline: none;">public</span></a> network, such as the <a href="http://en.wikipedia.org/wiki/Internet" title="Internet"><span style="color: windowtext; text-decoration: none; text-underline: none;">Internet</span></a>. It enables a computer or network-enabled device to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the public network. A VPN is created by establishing a virtual <a href="http://en.wikipedia.org/wiki/Point-to-point_%28network_topology%29" title="Point-to-point (network topology)"><span style="color: windowtext; text-decoration: none; text-underline: none;">point-to-point</span></a> connection through the use of dedicated connections, virtual <a href="http://en.wikipedia.org/wiki/Tunneling_protocols" title="Tunneling protocols"><span style="color: windowtext; text-decoration: none; text-underline: none;">tunneling protocols</span></a>, or traffic encryption. Major implementations of VPNs include <a href="http://en.wikipedia.org/wiki/OpenVPN" title="OpenVPN"><span style="color: windowtext; text-decoration: none; text-underline: none;">OpenVPN</span></a> and <a href="http://en.wikipedia.org/wiki/IPsec" title="IPsec"><span style="color: windowtext; text-decoration: none; text-underline: none;">IPsec</span></a>.<br /> A VPN connection across the Internet is similar to a <a href="http://en.wikipedia.org/wiki/Wide_area_network" title="Wide area network"><span style="color: windowtext; text-decoration: none; text-underline: none;">wide area network</span></a> (WAN) link between websites. From a user perspective, the extended network resources are accessed in the same way as resources available within the private network.<br /> <br /> <div class="MsoNormal"> <b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 14.0pt; line-height: 115%;">Q 10. What Are The Essential Ingredients Of A Symmetric Cipher?</span></b></div> <div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">A symmetric encryption scheme has different ingredients <br /> <b style="mso-bidi-font-weight: normal;">Plaintext:</b> </span></div> <div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">This is the original message or data that is fed into the algorithm as input.<br /> Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.<br /> <b style="mso-bidi-font-weight: normal;">Secret key:</b></span></div> <div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";"><span style="mso-spacerun: yes;"> </span>The secret key is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.<br /> <b style="mso-bidi-font-weight: normal;">Ciphertext:</b> </span></div> <div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts.<br /> <b style="mso-bidi-font-weight: normal;">Decryption algorithm: </b></span></div> <div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;"> <span style="font-family: "Times New Roman","serif"; font-size: 12.0pt; mso-fareast-font-family: "Times New Roman";">This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext. </span></div> <div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;"> <br /></div> <div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 14.0pt; mso-fareast-font-family: "Times New Roman";">Q11. What is Tipple DES ?</span></b></div> <div style="text-align: justify;"> In <a href="http://en.wikipedia.org/wiki/Cryptography" title="Cryptography"><span style="color: windowtext; text-decoration: none; text-underline: none;">cryptography</span></a>, <span style="mso-bidi-font-weight: bold;">Triple DES</span> (<span style="mso-bidi-font-weight: bold;">3DES</span>) is the common name for the <span style="mso-bidi-font-weight: bold;">Triple Data Encryption Algorithm</span> (<span style="mso-bidi-font-weight: bold;">TDEA</span> or <span style="mso-bidi-font-weight: bold;">Triple DEA</span>) <a href="http://en.wikipedia.org/wiki/Symmetric-key_algorithm" title="Symmetric-key algorithm"><span style="color: windowtext; text-decoration: none; text-underline: none;">symmetric-key</span></a> <a href="http://en.wikipedia.org/wiki/Block_cipher" title="Block cipher"><span style="color: windowtext; text-decoration: none; text-underline: none;">block cipher</span></a>, which applies the <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard" title="Data Encryption Standard"><span style="color: windowtext; text-decoration: none; text-underline: none;">Data Encryption Standard</span></a> (DES) cipher algorithm three times to each data block.</div> <div style="text-align: justify;"> The original DES cipher's <a href="http://en.wikipedia.org/wiki/Key_size" title="Key size"><span style="color: windowtext; text-decoration: none; text-underline: none;">key size</span></a> of 56 bits was generally sufficient when that algorithm was designed, but the availability of increasing computational power made <a href="http://en.wikipedia.org/wiki/Brute-force_attack" title="Brute-force attack"><span style="color: windowtext; text-decoration: none; text-underline: none;">brute-force attacks</span></a> feasible. Triple DES provides a relatively simple method of increasing the key size of DES to protect against such attacks, without the need to design a completely new block cipher algorithm.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt;">Q12 What is massage authentication code ?</span></b></div> In <a href="http://en.wikipedia.org/wiki/Cryptography" title="Cryptography"><span style="color: windowtext; text-decoration: none; text-underline: none;">cryptography</span></a>, a <span style="mso-bidi-font-weight: bold;">message authentication code</span> (often <span style="mso-bidi-font-weight: bold;">MAC</span>) is a short piece of information used to <a href="http://en.wikipedia.org/wiki/Authentication" title="Authentication"><span style="color: windowtext; text-decoration: none; text-underline: none;">authenticate</span></a> a <a href="http://en.wikipedia.org/wiki/Message" title="Message"><span style="color: windowtext; text-decoration: none; text-underline: none;">message</span></a> and to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin.<br /> A MAC <a href="http://en.wikipedia.org/wiki/Algorithm" title="Algorithm"><span style="color: windowtext; text-decoration: none; text-underline: none;">algorithm</span></a>, sometimes called a <a href="http://en.wikipedia.org/wiki/HMAC" title="HMAC"><span style="color: windowtext; mso-bidi-font-weight: bold; text-decoration: none; text-underline: none;">keyed</span><span style="color: windowtext; text-decoration: none; text-underline: none;"> (<span style="mso-bidi-font-weight: bold;">cryptographic</span>) <span style="mso-bidi-font-weight: bold;">hash function</span></span></a> (however, cryptographic hash function is only one of the possible ways to generate MACs), accepts as input a <a href="http://en.wikipedia.org/wiki/Secret_key" title="Secret key"><span style="color: windowtext; text-decoration: none; text-underline: none;">secret key</span></a> and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a <i>tag</i>). The MAC value protects both a message's <a href="http://en.wikipedia.org/wiki/Data_integrity" title="Data integrity"><span style="color: windowtext; text-decoration: none; text-underline: none;">data integrity</span></a> as well as its <a href="http://en.wikipedia.org/wiki/Authentication" title="Authentication"><span style="color: windowtext; text-decoration: none; text-underline: none;">authenticity</span></a>, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.<br /> <br /> <b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt;">Q13. what is digital signature ?</span></b><br /> <div style="text-align: justify;"> A <span style="mso-bidi-font-weight: bold;">digital signature</span> is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (<a href="http://en.wikipedia.org/wiki/Authentication" title="Authentication"><span style="color: windowtext; text-decoration: none; text-underline: none;">authentication</span></a> and <a href="http://en.wikipedia.org/wiki/Non-repudiation" title="Non-repudiation"><span style="color: windowtext; text-decoration: none; text-underline: none;">non-repudiation</span></a>) and that the message was not altered in transit (<a href="http://en.wikipedia.org/wiki/Data_integrity" title="Data integrity"><span style="color: windowtext; text-decoration: none; text-underline: none;">integrity</span></a>). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt;">Q14. What is key distribution center ?</span></b></div> Domain services that use directories for holding account databases and global catalogs are called key distribution centers. In addition to holding these databases and catalogs, a key <a href="http://www.wisegeek.com/what-is-a-distribution-center.htm"><span style="color: windowtext; text-decoration: none; text-underline: none;">distribution center</span></a> uses them to refer to the key distribution centers of other domains. The idea of the key distribution center is based on cryptography and is used in computer <a href="http://www.wisegeek.com/what-is-network-security.htm"><span style="color: windowtext; text-decoration: none; text-underline: none;">network security</span></a>. The cryptography used in these centers is a system of secret codes that reduces the risk of exchanging keys, which are a form of information that is <a href="http://www.wisegeek.com/what-is-encryption.htm"><span style="color: windowtext; text-decoration: none; text-underline: none;">encrypted</span></a> and controls an algorithm’s operation. Oftentimes, this kind of center operates within a system that allows a limited amount of users access or allows users access within limited times.<br /> A key distribution center operates using Kerberos™, which is a protocol for network authentication. These centers ensure secure methods of authentication when requests are made for a computer network’s services. Generally, the distribution center operates as follows: a user requests access to particular services within a computer network, and the center uses encrypted techniques to authenticate that the user making the request is who he claims to be. The first request is sent to the server, which sends a notice for the user to authenticate himself. Upon completing this request, the request is then sent to a server for ticket granting.<br /> <br /> <b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt;">Q15 What Is Risk Management ?</span></b><br /> <span style="mso-bidi-font-weight: bold;">Risk management</span> is the identification, assessment, and prioritization of <a href="http://en.wikipedia.org/wiki/Risk" title="Risk"><span style="color: windowtext; text-decoration: none; text-underline: none;">risks</span></a> followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events<sup id="cite_ref-Risk_Management_pg._46_1-0"> </sup><span style="mso-spacerun: yes;"> </span>or to maximize the realization of opportunities. Risk management’s objective is to assure <a href="http://en.wikipedia.org/wiki/Uncertainty" title="Uncertainty"><span style="color: windowtext; text-decoration: none; text-underline: none;">uncertainty</span></a> does not deviate the endeavor from the business goals. <br /> Risks can come from different ways e.g. uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, <a href="http://en.wikipedia.org/wiki/Act_of_God" title="Act of God"><span style="color: windowtext; text-decoration: none; text-underline: none;">natural causes and disasters</span></a> as well as deliberate attack from an adversary, or events of uncertain or unpredictable <a href="http://en.wikipedia.org/wiki/Root_cause" title="Root cause"><span style="color: windowtext; text-decoration: none; text-underline: none;">root-cause</span></a>. There are two types of events i.e. negative events can be classified as risks while positive events are classified as opportunities. Several risk management <a href="http://en.wikipedia.org/wiki/Technical_standard" title="Technical standard"><span style="color: windowtext; text-decoration: none; text-underline: none;">standards</span></a> have been developed including the <a href="http://en.wikipedia.org/wiki/Project_Management_Institute" title="Project Management Institute"><span style="color: windowtext; text-decoration: none; text-underline: none;">Project Management Institute</span></a>, the <a href="http://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology"><span style="color: windowtext; text-decoration: none; text-underline: none;">National Institute of Standards and Technology</span></a>, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, <a href="http://en.wikipedia.org/wiki/Risk_analysis_%28engineering%29" title="Risk analysis (engineering)"><span style="color: windowtext; text-decoration: none; text-underline: none;">engineering</span></a>, <a href="http://en.wikipedia.org/wiki/Industrial_%26_Organizational_Assessment" title="Industrial & Organizational Assessment"><span style="color: windowtext; text-decoration: none; text-underline: none;">industrial processes</span></a>, financial portfolios, actuarial assessments, or public health and safety.<br /> <br /> <b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt;">Q16 What is PGP ?</span></b><br /> PGP (Pretty good Privacy) is the most widely recognized public key encryption program in the world. It can be used to protect the privacy of <a href="http://www.wisegeek.com/what-is-email.htm"><span style="color: windowtext;">email</span></a>, data files, drives and instant messaging.<br /> Traffic on the Internet is susceptible to snooping by third parties with a modicum of skill. Data packets can be captured and stored for years. Even mail servers will often indefinitely store messages, which can be read now or at a future point, sometimes long after the author has changed his or her point of view. Email, unlike a phone call or letter, is not legally protected as private communication, and can therefore be read by third parties, legal or otherwise, without permission or knowledge of the author. Many privacy watchdog groups advocate, <i>if you aren't using encryption, don't include anything in an email you wouldn't want to see published.</i> Ideally this includes personal information as well, such as name, address, phone number, passwords, and so on.<br /> PGP encryption provides privacy missing from online communication. It changes plain, readable text into a complex code of characters that is completely unreadable. The email or instant message travels to the destination or recipient in this cyphered form. The recipient uses PGP to decrypt the message back into readable form. </div>

Various Concepts Used In ISRM

Q1. What Is DOS ? DoS attack - Denial of Service attack is a type of attack on a network that is designed to bring the network to it...

Read more »