YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing in hip-hop music. Born in the internet era, the company has actively supported laptops and tablets, so staff can easily work remotely. They can access the company databases through the internet and provide online information to customers. This decision to support remote work has increased productivity and high morale among employees who were allowed to work up to two (2) days a week from home. Based on written procedures and a training course, employees learn security procedures to avoid the risk of unauthorized access to company data. Employees’ access to the company data includes using log-on IDs and passwords to the application server through a virtual private network (VPN). Initial passwords are assigned by the security administrator. When the employee logs on for the first time, the system forces a password change to improve confidentiality. Management is currently considering ways to improve security protection for remote access by employees. YGE ask its information system (IS) auditor to review its new VPN implementation to accommodate the increase in remote work. The auditor discovers that the organization needed to enable remote access to one of its servers for remote maintenance purposes. The firewall policy did not allow any external access to the internal systems. Therefore, it was decided to install a modem on that server and activate the remote access service to permit dial-up access. To mitigate any vulnerabilities associated with dial-up modems, a policy has been implemented to manually power the modem only when the third party requests access to the server and is powered off by the company’s system administrator when the access is no longer needed. Because more and more systems are being maintained remotely, the company asks an IS auditor to evaluate the current risk of the existing solution and propose the best strategy for addressing future connectivity requirements. Required: a. When an employee notifies the company that he/she has forgotten his/her password, what should be done FIRST by the security administrator? b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing remote access practice? c. What control may be implemented to prevent an attack on the internal network initiated through an internet VPN connection? d. What test is MOST important for the IS auditor to perform as part of the review of dial-up access controls?

Computer Networking: A Top-Down Approach (7th Edition)
7th Edition
ISBN:9780133594140
Author:James Kurose, Keith Ross
Publisher:James Kurose, Keith Ross
Chapter1: Computer Networks And The Internet
Section: Chapter Questions
Problem R1RQ: What is the difference between a host and an end system? List several different types of end...
icon
Related questions
Question
100%

YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing in hip-hop music. Born in the internet era, the company has actively supported laptops and tablets, so staff can easily work remotely. They can access the company databases through the internet and provide online information to customers. This decision to support remote work has increased productivity and high morale among employees who were allowed to work up to two (2) days a week from home. Based on written procedures and a training course, employees learn security procedures to avoid the risk of unauthorized access to company data. Employees’ access to the company data includes using log-on IDs and passwords to the application server through a virtual private network (VPN). Initial passwords are assigned by the security administrator. When the employee logs on for the first time, the system forces a password change to improve confidentiality. Management is currently considering ways to improve security protection for remote access by employees. YGE ask its information system (IS) auditor to review its new VPN implementation to accommodate the increase in remote work. The auditor discovers that the organization needed to enable remote access to one of its servers for remote maintenance purposes. The firewall policy did not allow any external access to the internal systems. Therefore, it was decided to install a modem on that server and activate the remote access service to permit dial-up access. To mitigate any vulnerabilities associated with dial-up modems, a policy has been implemented to manually power the modem only when the third party requests access to the server and is powered off by the company’s system administrator when the access is no longer needed. Because more and more systems are being maintained remotely, the company asks an IS auditor to evaluate the current risk of the existing solution and propose the best strategy for addressing future connectivity requirements.

Required:

a. When an employee notifies the company that he/she has forgotten his/her password, what should be done FIRST by the security administrator?

b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing remote access practice?

c. What control may be implemented to prevent an attack on the internal network initiated through an internet VPN connection?

d. What test is MOST important for the IS auditor to perform as part of the review of dial-up access controls?

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 2 steps

Blurred answer
Recommended textbooks for you
Computer Networking: A Top-Down Approach (7th Edi…
Computer Networking: A Top-Down Approach (7th Edi…
Computer Engineering
ISBN:
9780133594140
Author:
James Kurose, Keith Ross
Publisher:
PEARSON
Computer Organization and Design MIPS Edition, Fi…
Computer Organization and Design MIPS Edition, Fi…
Computer Engineering
ISBN:
9780124077263
Author:
David A. Patterson, John L. Hennessy
Publisher:
Elsevier Science
Network+ Guide to Networks (MindTap Course List)
Network+ Guide to Networks (MindTap Course List)
Computer Engineering
ISBN:
9781337569330
Author:
Jill West, Tamara Dean, Jean Andrews
Publisher:
Cengage Learning
Concepts of Database Management
Concepts of Database Management
Computer Engineering
ISBN:
9781337093422
Author:
Joy L. Starks, Philip J. Pratt, Mary Z. Last
Publisher:
Cengage Learning
Prelude to Programming
Prelude to Programming
Computer Engineering
ISBN:
9780133750423
Author:
VENIT, Stewart
Publisher:
Pearson Education
Sc Business Data Communications and Networking, T…
Sc Business Data Communications and Networking, T…
Computer Engineering
ISBN:
9781119368830
Author:
FITZGERALD
Publisher:
WILEY