1.1 Evaluate the three key activities for information security as per the Standard of Good Practice for Information Security indicating which, you believe, is the weakest area of information security in any organization. Your view must incorporate the elements and scope off the risk assessment. Substantiate your view with references from the case. QUESTION TWO (20 MARKS) 2.1 "The classifications of security indents are done according to ISO 27035 standard." With reference to this statement and the case study, assess the countermeasures that may be employed for protection against cyberattacks. Your assessment should provide a detailed explanation of the typical phases in the digital forensics process. QUESTION THREE (25 MARKS) 3.1 You have been appointed as the Head: IT Security of NEW-IT Company. Provide a report detailing the recommended measures that NEW-IT Company must take to ensure security while giving remote working rights to an employee. Your recommendations must differentiate between malicious behaviour, negligent behaviour, and accidental behaviour. Page 5 of 6 QUESTION FOUR (25 MARKS) 4.1 Summarise the key objectives of an external security audit and the generic steps to be followed for security compliance monitoring paying special attention to the guidelines defined by COBIT 5 for the performance and conformance processes. TOTAL MARKS: 100