Essentials of MIS (13th Edition)
ISBN: 9780134802756
Author: Kenneth C. Laudon, Jane Laudon
Publisher: PEARSON
Question
Chapter 8, Problem 9HMP
Program Plan Intro
System vulnerability:
- When large amounts of data are kept in electronic form, they become susceptible to many threats.
- Information systems in many locations are interconnected through communication networks.
- Unauthorized access can occur at many access points in the network and is not limited to a single location.
- Data flowing over networks could be accessed; valuable information could be stolen during transmission, or data could be altered without authorization.
- Denial-of-service attacks are launched by intruders to disrupt website operations.
- The Internet is more vulnerable than internal networks because it is open to everyone.
Explanation of Solution
Platform to address:
- First platform:
  - Windows Vista Ultimate, operated by high-level administrators, has access to areas that other users do not have.
  - Core system operations are affected by the administrators' tasks.
- Second platform:
  - The Windows server with corporate applications is the second platform.
  - The conduct of business may be affected if corporate applications are corrupted.
- Third platform:
  - Sun Solaris with e-commerce and web servers is the third platform.
  - The internal operations are ensured to be safe and secure...
Explanation of Solution
Types of control problems:
- The types of control problems include:
  - General controls:
    - They govern the design, security, and use of computer programs and the security of data files.
    - They are applied to all computerized applications.
    - They consist of a combination of software, hardware and manual procedures that creates the overall control environment.
    - Windows Vista Ultimate for high-level administrators.
    - Sun Solaris for e-commerce and web servers.
  - Application controls:
    - They are specific controls that are unique to each computerized application.
    - They cover applications such as payroll or order processing.
    - They include both manual and automated procedures that ensure authorized data processing.
    - They can be classified as input controls, output controls and processing controls...
Explanation of Solution
Risk of ignoring security vulnerabilities:
- Information systems can face technical, environmental and organizational threats.
- System security should be given top priority, and it should be ensured by managers at all levels.
- Security awareness should be spread to all employees...
Students have asked these similar questions
Chain Link Consulting is an information technology consulting company that focuses on system security concerns. When the company's president asks you to assist her with the preparation of a presentation for a group of potential clients at a trade show meeting next month, you say "yes." First and foremost, she would like you to examine system security concerns in light of all six security levels. Afterwards, she wants you to come up with a list of methods that Chain Link might evaluate a client's security procedures in order to obtain an accurate evaluation of their level of exposure. It was her way of making the situation more intriguing by saying that it was fine to be imaginative in your ideas, but that you should avoid proposing anything that would be unlawful or immoral. Example: It might be OK to pretend as a job candidate with phony references to see whether they were being reviewed, but it would be inappropriate to steal a lock and access the computer room to check on things. Your…
This week, your flooring sales and installation company client wants you to explain the different kinds of attack threats their business faces from hackers.
Write a 1- to 2-page memo or create a 1- to 2-page table that summarizes attack threats from hackers to any business, noting which are applicable to your client's business; how the vulnerabilities in a system can be exposed; and countermeasures that can mitigate against threats from attack.
Describe sniffing attacks, identify a protocol that is vulnerable to sniffing, and suggest appropriate countermeasures.
Describe session hijacking, provide an example of a specific threat from session hijacking, and recommend appropriate countermeasures for the threat.
Describe spoofing, provide an example of a specific threat from spoofing, and recommend appropriate countermeasures for the threat.
Describe poisoning attacks, provide an example of a specific threat from a poisoning attack, and recommend appropriate countermeasures…
CyberTech is a medium sized web application company that provides different software to its customers on SAS (Software as Service) model. After successful implementation and approaching maturity in business operations, board of the company decided to implement security framework to strengthen security posture and to gain more confidence of the customers. CISO of the organization recommends adopting ISO27001:2013 standard and get certified. CISO’s recommendations being appreciated by board and the CIO. CISO is being asked to write a report to explain: a. Steps involved in implementation of the standard. b. Deliverables associated with each step. Write an advisory report to the CIO covering the topics.
Similar questions
- The organization you work for in Abu Dhabi is a startup company with 2 years in business. To comply with regulations, your CISO has decided to propose implementation of Information Security Management System (ISMS). As a member of the security team, you have to analyze the business needs for ISMS. Demonstrate effective contributions to the ISMS project team relevant to an assigned task as below: Introduce the Organization Demonstrate your project team Highlight the roles and responsibilities of each team member on the project Develop the ISMS for the organization by utilizing all the steps of from the ISO Standard 27001.
- Harold would like to implement a security solution that allows him to correlate information from a variety of security systems and identify potential security events. Which technology best meets this need?
- What are the key security challenges in IoT deployments, and how can they be mitigated?
- A cybersecurity expert has determined ICS vulnerability would destroy 50 percent of the process asset that is valued $10,000,000. The vulnerability has the projected occurrence of once every 4 years. The mitigation control for the ICS vulnerability is $5,500,000 with annual maintenance cost of $300,000. What is your recommended way forward in addressing the vulnerability?
- Sophos is a security company dealing with advanced anti-virus software tools for desktops, servers, and web servers. They have clients across the globe. They also provide their limited anti-virus tools for free to individual users for trial purposes. Develop a basic resource list (with at least four critical resources) for this business that could form part of your risk management activities. Justify why each resource should be included in this list by highlighting its risk sensitivity and risk tolerance.
- You have been hired as a cybersecurity consultant for ACME. ACME has millions of customer records as they process payments for the retail industry. ACME's direct competitor, EMCA, has recently lost critical customer information due to a crypto-malware attack. ACME's executives have asked you to come up with a security plan to decrease the risk and potential impact of crypto-malware attacks. Please suggest the most appropriate security strategy (policies, people, products, etc.) to accomplish this task.
- What security challenges are associated with IoT deployments, and how can they be mitigated?
- Imagine you are the project manager of EISS enterprise software development house. You are managing the development of an Enterprise Software and one of your team is about to develop the security aspects of the software. List the security requirements that you will ask them to consider and explain each of them.
- Discuss the main security challenges associated with IoT applications and how they can be mitigated.
- Explain each of security's many specialisations and provide an example of how you may put them to use.
- The United States Air Force (USAF) recently announced that it will outsource "low-hanging" IT operations so that airmen are focused on Cyber Mission Defense teams. You work as a Security Analyst for IBM and have been asked to write a briefing on how your company can provide the IT products and services needed by the USAF that provide a layered, or Defense-in-depth, security architecture. Detail how your recommendations will meet the national strategy to deny, deter, deflect, delay and detect cyber-attacks.
- When managers in hotels plan to purchase new technologies or upgrade their existing systems in their establishments, what they need to be noticed in System security and Data security?
Recommended textbooks for you
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning