Question:
(a) What are the various options to mitigate risks in an Information Security Management System (ISMS)? For each option specify an instance where it can be used.
(b) Explain what is meant by ‘clear desk and clear screen policy' and how is compliance verified. Mention the control and clause number in ISO 27001:2005.
(c) Explain briefly the vulnerability exploited by the following access control threats and their possible countermeasures (i) Buffer Overflow and (ii) Botnets.
(d) Explain what is meant by Type I error, Type II error and the cross over error rate for a biometric system. What is considered the most important error for a biometric access control system?
(e) Explain the difference between a signature based IDS and a statistical anomaly IDS.