

Case Study A Scenario

A major retailer asked the IS auditor to review their readiness for complying with credit card company requirements for protecting cardholder information. The IS auditor subsequently learned the following information. The retailer uses wireless point-of-sale registers that connect to application servers located at each store. These registers use wired equivalent protection (WEP) encryption.

The application server, usually located in the middle of the store’s customer service area, forwards all sales data over a frame relay network to database servers located at the retailer’s corporate headquarters and, using strong encryption, over an Internet virtual private network (VPN) to the credit card processor for approval of the sale.

Corporate databases are located on a protected screened subnet of the corporate local area network. Additionally, weekly aggregate sales data by product line is copied from the corporate databases to magnetic media and mailed to a third party for analysis of buying patterns. It was noted that the retailer’s database software has not been patched in over two years. This is because vendor support for the database package was dropped due to management’s plans to eventually upgrade to a new ERP system.

REQUIRED: Choose and Explain Briefly

1. Which of the following would present the MOST significant risk to the retailer?

A. Wireless point-of-sale registers use WEP encryption.

B. Database patches are severely out-of-date.

C. Credit cardholder information is sent over the Internet.

D. Aggregate sales data are mailed to a third party.

2. Based on the case study, which of the following controls would be the MOST important to implement?

A. Store application servers should be located in a secure area.

B. Point-of-sale registers should use two-factor authentication.

C. Wireless access points should use MAC address filtering.

D. Aggregate sales data sent offsite should be encrypted.
