Question:
(a) What are the various options to mitigate risks in an Information Security Management System (ISMS)? For each option specify an instance where it can be used.
(b) Explain what measures should be implemented by an ISO compliant organisation to protect the security of physical data in transit. Mention the control and clause number in ISO 27001.
(c) When is it acceptable for the manager overseeing the execution of a risk analysis review to not take action on an identified risk?
(d) A company has been experiencing a rash of laptop thefts. Outline two scenarios driven by different threat-motivations. In each scenario identify
i. Asset
ii. Threat-source
iii. Threat-motivation
iv. A vulnerability exploited
v. A potential control