Illustrate briefly how the ISO 27001 Standard can be employed as a generic framework for compliance with Sarbanes-Oxley and Basel II.
Illustrate what is meant by:
(i) Segregation of duties and
(ii) Compensating control.
Exemplify your answer with an illustration.
Describe briefly the major objectives of penetration testing and identify three (3) potential security risks that penetration testing can address. Which penetration testing strategy can more cost-effectively test an organisation’s network design? Justify your answer.
Describe briefly the following terms:
(i) Buffer Overflow
(ii) Denial of Service Attack
(iii) Phishing attack and countermeasures