Why is human behavior considered one of the biggest potential threats to operating system integrity?
STUDY QUESTIONS
- Why is human behavior considered one of the biggest potential threats to operating system integrity?
- What are the issues that need to be considered before implementing keystroke monitoring?
- Describe the three ways on how an audit trail can be used to support security objectives.
- Explain how poorly designed audit trail logs can actually be dysfunctional.
- Why would a systems programmer create a back door if he or she has access to the program in his or her day-to-day tasks?
PROBLEMS
Problem 1:
Charles Hart, an accounts payable clerk, is an hourly employee. He never works a minute past 5 P.M. unless the overtime has been approved. Charles has recently found himself faced with some severe financial difficulties. He has been accessing the system from his home during the evening and setting up an embezzlement scheme. As his boss, what control technique(s) can be used to help detect this type of fraud?
Problem 2:
In 2002, Mr. Rollerball started Mighty Mouse, Inc., a small, 75-employee firm that produces and sells wireless keyboards and other devices to vendors through its manufacturing plant in Little Rock, Arkansas. In its first 2 years of business, MM saw a substantial growth in sales and at current capacity was unable to keep up with demand. To compete, MM enlarged its manufacturing facilities. The new facility increased to 250 employees. During this period of expansion, MM has paid little attention to internal control procedures.
Recently, systems problems and hardware failures have caused the operating system to crash. Mr. Rollerball was extremely concerned to discover that confidential company information had been printed out a result of these crashes. Also, important digital documents were erased from storage media.
Malicious programs such as viruses, worms, and Trojan horses have plagued the company and caused significant data corruption. MM has devoted significant funds and time trying to fix the damage caused to its operating system.
Out of necessity to get the job done, as well as for philosophical reasons, system administrators and programmers have provided users relatively free access to the operating
system. Restricting access was found to inhibit business and impede recovery from systems failures. From the outset, an open approach was regarded as an efficient and effective way to ensure that everyone obtained the information they needed to perform their jobs.
Requirement:
- What internal control problems do you find?
- How can MM improve internal controls?
Problem 3:
Analyze the following scenarios:
- The systems operator opened a bag of burned microwave popcorn directly under a smoke detector in the computing room where two mainframes, three high-speed printers, and approximately 40 tapes are housed. The extremely sensitive smoke detector triggered the sprinkler system. Three minutes passed before the sprinklers could be turned off.
- A system programmer intentionally placed an error into a program that causes the operating system to fail and dump certain confidential information to disks and printers.
- Jane’s employer told her she would be laid off in 3 weeks. After 2 weeks, Jane realized that finding another secretarial job was going to be very tough. She became bitter. Her son told her about a virus that had infected his school’s computers and that one of his disks had been infected. Jane took the infected disk to work and copied it onto the network server, which is connected to the company’s mainframe. One month later, the company realized that some data and application programs had been destroyed.
- Robert discovered a new sensitivity analysis public domain program on the Internet. He downloaded the software to his personal computer at home, then took the application to work and placed it onto his networked personal computer. The program had a virus on it that eventually spread to the company’s mainframe.
- Murray, a trusted employee and a systems engineer, had access to both the computer access control list and user passwords. The firm’s competitor recently hired him for twice his salary. After leaving, Murray continued to browse through his old employer’s data, such as price lists, customer lists, bids on jobs, and so on. He passed this information on to his new employer.
Requirement:
For each scenario, Identify the control lapses, discuss the potential consequences and give a control that can prevent or detect and correct the risks involved..
Scenario |
Control lapses |
Potential consequence(s) |
Suggested controls |
Scenario A |
|
|
|
Scenario B |
|
|
|
Scenario C |
|
|
|
Scenario D |
|
|
|
Scenario E |
|
|
|
Trending now
This is a popular solution!
Step by step
Solved in 2 steps