Question 1 Information is a very important asset of an organisation, it must be protected and transmitted in a more secure manner. List and explain five characteristics of information that must be...

PFA


Question 1 Information is a very important asset of an organisation, it must be protected and transmitted in a more secure manner. List and explain five characteristics of information that must be present to guarantee security. (10) Question 2 Define the term hacking and briefly describe the five phases of hacking phases. (10) Question 3 Describe and explain the following attacks. (20) The answers should include the following: - What is the objective of the attacker? - Topology of the attack (diagram) - How does the attack exploit the system? a) Man-in-the Middle attack (8) b) Denial-of -service attack (6) c) IP spoofing (6) Question 4 List and explain five malware attacks that a hackers can execute to compromise the organization’s information, networks, and information systems. (10) Question 5 Discuss the any two South African laws that can help prevent collection, storage, access, and transmission of personal information without consent of individuals? (10). Question 6 For companies to be able to enforce their information security policies and procedure there are certain requirement that must be met. What are the requirements for a policy to become enforceable? (10) Question 7 Most business which does not have business continuity and disaster recovery plans most times fail to survive when acts of nature happens. Why is business continuity and disaster recovery planning important to an organization or business continuity? (10) Question 8 Remote working has become a most common practice most business has adopted to survive during the pandemic. Most employees have been working from home over the past 18 months. The remote working strategy seemed to have benefited many companies while at the same time, the companies have also been exposed to cybercriminals. As an Information Security Expert, you are required to advice the IT department technicians two best solutions that can help the business minimize cybercriminals to access the business sensitive information and use employees to access the company system. The solution you are recommending should be able to prevent access of unauthorized the business information systems and networks. In your answer describe each solution and how it can be implemented (10). Question 9 When you are running an Intrusion Detection System/Intrusion Prevention System: a. What is the difference between false positive and false negative alarms? (5) b. As a security expert which one of the two must be attended to prevent an attack (5)