Question:
(a) Do you agree with the following statements (specify your reasons to support your answer for each):
i) Policies are the foundation for the development of standards, guidelines and procedures.
ii) Developing Recovery Time Objectives for critical functions directly relates to Business Continuity.
iii) To ensure that a disaster recovery test is successful, key systems are restored to identical operating system releases and hardware configurations.
(b) Explain briefly the vulnerability exploited by the following access control threats and their possible countermeasures (i) Buffer Overflow and (ii) Botnets.
(c) Explain what is meant by the terms Recovery Point Objective (RPO) and Recovery Time Objective (RTO) and their relative importance in incident response.
(d) Describe the importance and functions of the Information Security Steering Committee for effective Information Security Governance.