YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing inhip-hop music. Born in the internet era, the company has actively supported laptops and tablets, so staffcan easily work remotely. They can access the company databases through the internet and provide onlineinformation to customers. This decision to support remote work has increased productivity and high moraleamong employees who were allowed to work up to two (2) days a week from home. Based on writtenprocedures and a training course, employees learn security procedures to avoid the risk of unauthorizedaccess to company data. Employees’ access to the company data includes using log-on IDs and passwordsto the application server through a virtual private network (VPN). Initial passwords are assigned by thesecurity administrator. When the employee logs on for the first time, the system forces a password changeto improve confidentiality. Management is currently considering ways to improve security protection forremote access by employees.YGE ask its information system (IS) auditor to review its new VPN implementation to accommodate theincrease in remote work. The auditor discovers that the organization needed to enable remote access toone of its servers for remote maintenance purposes. The firewall policy did not allow any external accessto the internal systems. Therefore, it was decided to install a modem on that server and activate the remoteaccess service to permit dial-up access. To mitigate any vulnerabilities associated with dial-up modems, apolicy has been implemented to manually power the modem only when the third party requests access tothe server and is powered off by the company’s system administrator when the access is no longer needed.Because more and more systems are being maintained remotely, the company asks an IS auditor toevaluate the current risk of the existing solution and propose the best strategy for addressing futureconnectivity requirements.Required:a. When an employee notifies the company that he/she has forgotten his/her password, what should bedone FIRST by the security administrator?b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing remoteaccess practice?c. What control may be implemented to prevent an attack on the internal network initiated through aninternet VPN connection?d. What test is MOST important for the IS auditor to perform as part of the review of dial-up accesscontrols?
YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing inhip-hop music. Born in the internet era, the company has actively supported laptops and tablets, so staffcan easily work remotely. They can access the company databases through the internet and provide onlineinformation to customers. This decision to support remote work has increased productivity and high moraleamong employees who were allowed to work up to two (2) days a week from home. Based on writtenprocedures and a training course, employees learn security procedures to avoid the risk of unauthorizedaccess to company data. Employees’ access to the company data includes using log-on IDs and passwordsto the application server through a virtual private network (VPN). Initial passwords are assigned by thesecurity administrator. When the employee logs on for the first time, the system forces a password changeto improve confidentiality. Management is currently considering ways to improve security protection forremote access by employees.YGE ask its information system (IS) auditor to review its new VPN implementation to accommodate theincrease in remote work. The auditor discovers that the organization needed to enable remote access toone of its servers for remote maintenance purposes. The firewall policy did not allow any external accessto the internal systems. Therefore, it was decided to install a modem on that server and activate the remoteaccess service to permit dial-up access. To mitigate any vulnerabilities associated with dial-up modems, apolicy has been implemented to manually power the modem only when the third party requests access tothe server and is powered off by the company’s system administrator when the access is no longer needed.Because more and more systems are being maintained remotely, the company asks an IS auditor toevaluate the current risk of the existing solution and propose the best strategy for addressing futureconnectivity requirements.Required:a. When an employee notifies the company that he/she has forgotten his/her password, what should bedone FIRST by the security administrator?b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing remoteaccess practice?c. What control may be implemented to prevent an attack on the internal network initiated through aninternet VPN connection?d. What test is MOST important for the IS auditor to perform as part of the review of dial-up accesscontrols?
Chapter1: Financial Statements And Business Decisions
Section: Chapter Questions
Problem 1Q
Related questions
Question
YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing inhip-hop music. Born in the internet era, the company has actively supported laptops and tablets, so staffcan easily work remotely. They can access the company databases through the internet and provide onlineinformation to customers. This decision to support remote work has increased productivity and high moraleamong employees who were allowed to work up to two (2) days a week from home. Based on writtenprocedures and a training course, employees learn security procedures to avoid the risk of unauthorizedaccess to company data. Employees’ access to the company data includes using log-on IDs and passwordsto the application server through a virtual private network (VPN). Initial passwords are assigned by thesecurity administrator. When the employee logs on for the first time, the system forces a password changeto improve confidentiality. Management is currently considering ways to improve security protection forremote access by employees.YGE ask its information system (IS) auditor to review its new VPN implementation to accommodate theincrease in remote work. The auditor discovers that the organization needed to enable remote access toone of its servers for remote maintenance purposes. The firewall policy did not allow any external accessto the internal systems. Therefore, it was decided to install a modem on that server and activate the remoteaccess service to permit dial-up access. To mitigate any vulnerabilities associated with dial-up modems, apolicy has been implemented to manually power the modem only when the third party requests access tothe server and is powered off by the company’s system administrator when the access is no longer needed.Because more and more systems are being maintained remotely, the company asks an IS auditor toevaluate the current risk of the existing solution and propose the best strategy for addressing futureconnectivity requirements.Required:a. When an employee notifies the company that he/she has forgotten his/her password, what should bedone FIRST by the security administrator?b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing remoteaccess practice?c. What control may be implemented to prevent an attack on the internal network initiated through aninternet VPN connection?d. What test is MOST important for the IS auditor to perform as part of the review of dial-up accesscontrols?
Expert Solution
This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
Step by step
Solved in 2 steps
Knowledge Booster
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, accounting and related others by exploring similar questions and additional content below.Recommended textbooks for you
Accounting
Accounting
ISBN:
9781337272094
Author:
WARREN, Carl S., Reeve, James M., Duchac, Jonathan E.
Publisher:
Cengage Learning,
Accounting Information Systems
Accounting
ISBN:
9781337619202
Author:
Hall, James A.
Publisher:
Cengage Learning,
Accounting
Accounting
ISBN:
9781337272094
Author:
WARREN, Carl S., Reeve, James M., Duchac, Jonathan E.
Publisher:
Cengage Learning,
Accounting Information Systems
Accounting
ISBN:
9781337619202
Author:
Hall, James A.
Publisher:
Cengage Learning,
Horngren's Cost Accounting: A Managerial Emphasis…
Accounting
ISBN:
9780134475585
Author:
Srikant M. Datar, Madhav V. Rajan
Publisher:
PEARSON
Intermediate Accounting
Accounting
ISBN:
9781259722660
Author:
J. David Spiceland, Mark W. Nelson, Wayne M Thomas
Publisher:
McGraw-Hill Education
Financial and Managerial Accounting
Accounting
ISBN:
9781259726705
Author:
John J Wild, Ken W. Shaw, Barbara Chiappetta Fundamental Accounting Principles
Publisher:
McGraw-Hill Education