EBK ESSENTIALS OF MIS
12th Edition
ISBN: 8220101459305
Author: LAUDON
Publisher: PEARSON
Question
Chapter 8, Problem 9HMP
Program Plan Intro
System vulnerability:
- When huge amounts of data are kept in electronic form, they become susceptible to many threats.
- Information systems in many locations are interconnected through communication networks.
- Unauthorized access can occur at many access points in the network and is not limited to a single location.
- Data flowing over networks could be accessed; valuable information could be stolen during transmission, or data could be altered without authorization.
- Denial-of-service attacks are launched by intruders to disrupt website operations.
- The Internet is more vulnerable than internal networks because it is open to everyone.
Explanation of Solution
Platform to address:
- First platform:
  - Windows Vista Ultimate, operated by high-level administrators, has access to areas that other users do not have.
  - Core system operations are affected by the tasks of administrators.
- Second platform:
  - The Windows server with corporate applications is the second platform.
  - The conduct of business may be affected if corporate applications are corrupted.
- Third platform:
  - Sun Solaris with e-commerce and web servers is the third platform.
  - The internal operations are ensured to be safe and secure...
Explanation of Solution
Types of control problems:
- The types of control problems include:
  - General controls:
    - They govern the design, security, and use of computer programs and the security of data files.
    - They are applied to all computerized applications.
    - They consist of a combination of software, hardware and manual procedures that creates the overall control environment.
    - Windows Vista Ultimate for high-level administrators.
    - Sun Solaris for e-commerce and web servers.
  - Application controls:
    - They are specific controls that are unique to each computerized application.
    - Examples of such applications include payroll or order processing.
    - They include both manual and automated procedures that ensure authorized data processing.
    - They can be classified as input controls, output controls and processing controls...
Explanation of Solution
Risk of ignoring security vulnerabilities:
- Information systems can face technical, environmental and organizational threats.
- Top priority should be given to system security, and it should be ensured by managers at all levels.
- Security awareness should be spread to all employees...