Question 1:
(a) Explain what is meant by the term „incident handling? in the context of information security.
(b) Describe the main features of an effective incident management system.
(c) Explain the main goals of a Business Impact Assessment for management and its role in incident management.
(d) Explain the main phases of the OCTAVE method for risk assessment and the key success factors for its implementation.
Question 2:
You have just been appointed as Security Consultant, reporting directly to the Chief Executive Officer in a major bookstore which in addition to its main store also operates an interactive website where orders can be placed online by customers as well as accepting credit card payments online. Your role is to advise management on what needs to be done by the company to be compliant with section 6.6 of the Payment Card Industry Data Security Standard. Your answer should state the security requirements for section 6.6 of the PCI DSS and focus on the process and options that management need to consider in order to secure web-based applications to be compliant with section 6.6.