Question 1:
Illustrate briefly how the ISO 27001 Standard can be employed as a generic framework for compliance with Sarbanes-Oxley and Basel II.
Question 2:
Illustrate what is meant by
(i) Segregation of duties and
(ii) Compensating control.
Support your answer with an example.
Question 3:
Describe briefly the major objectives of penetration testing and identify three (3) potential security risks that penetration testing can address. Which penetration testing strategy can more cost-effectively test an organisation's network design? Justify your answer.
Question 4:
Describe briefly the following terms:
(i) Buffer Overflow
(ii) Denial of Service Attack
(iii) Phishing attack and countermeasures