You are the Information Security Director for a medium sized company. You recently experienced a ransom-ware attack that cost the company $500,000.00. After the attack your CEO held a meeting and informed you and the other IT professionals that it “WILL” not happen again. Write a Directive to the employees of the company summarizing the requirement for all personnel to adopt the new 2-factor authentication for IT equipment access. Include a 30-day timeline to adopt, and the consequences of not adhering to the new policy. Instructions:

You are the Information Security Director for a medium sized company. You recently experienced a ransom-ware attack that cost the company $500,000.00. After the attack your CEO held a meeting and informed you and the other IT professionals that it “WILL” not happen again. Write a Directive to the employees of the company summarizing the requirement for all personnel to adopt the new 2-factor authentication for IT equipment access. Include a 30-day timeline to adopt, and the consequences of not adhering to the new policy. Instructions:

MIS

9th Edition

ISBN:9781337681919

Author:BIDGOLI

Publisher:BIDGOLI

Chapter5: Protecting Information Resources

Section: Chapter Questions

Problem 1P

See similar textbooks

Similar questions

An email message has just arrived in your inbox from an unknown sender asking personal identifying details. Because you believed the letter to be credible, you responded to the sender by providing the information he or she wanted. You are now aware, on the other hand, that you may have been a victim of a phishing scheme. What are your plans for the rest of the day? Explain the various approaches to overcoming security issues, as well as the methods used to address this issue.
You just received an email message from someone requesting personal identification information. Believing the message was legitimate, you provided the requested information to the original sender. You now realize, however that you might have fallen victim to a phishing scam. What are your next steps? Explain different ways to overcome security risks and measures taken to overcome this problem.
Describe a recent security breach involving access control or authentication in the headlines of your article. If so, how did it affect daily operations? How much harm has the firm sustained?
Your firm has around 200 workers and contractors, and you are in charge of training them all on computer security. What topics would you cover in the fundamental security training session that you would conduct for workers who are not involved in IT? What type of further training on matters pertaining to security would be acceptable for staff after they have a firm grasp on the fundamentals?
In your organization, a laptop containing patient information was stolen. The laptop was password protected but the health information of the patients in it was not encrypted. In light of the HIPAA Security Rule, discuss whether the HIPAA Security violation occurred or not, and why you think so? Provide a review of this incident's consequences for the organization. Offer a preventive measure to implement to avoid similar issues in the future.
Assume that you are the team member in STM Company. You are asked to outline a security policy for The STM. In your answer you need to explain first the policy concept, then the CIA triad that must be followed for make the policy. Afterward, the policy must mention the approved staff (how are allowed to read modify the data), the conditions of password creations, how STM employee will login in STM company, the changes that done in the firewall, how to measure the data breaches in data, and the physical security. I need the best solution in information security please
Assuming that we had to place our current Yoga application into production, with the addition of the firewall we installed identity three(3) significant and distinct areas for which our application and its environment is still vulnerable, and list some possible ways we would need to protect those vulnerabilities? Be sure to be specific, thorough, and use critical thinking. Imagine this is for your boos, and your job depends on it, but keep it limited to just three paragraphs. Each paragraph should clearly list a vulnerability and at least one mitigation for each. Expected length: 3 well-formed but concise paragraphs.
You have been hired as a cybersecurity consultant for ACME. ACME has millions of customer records as they process payments for the retail industry. ACME's direct competitor, EMCA, has recently lost critical customer information due to a crypto-malware attack. ACME's executives have asked you to come up with a security plan to decrease the risk and potential impact of crypto-malware attacks. Please suggest the most appropriate security strategy (policies, people, products, etc.) to accomplish this task.
You work as the head of the IT department for a local hospital. Another hospital in your state was recently the target of a ransomware attack. Fearing a similar attack, senior management of your hospital has asked you if your hospital is prepared for such an attack. They have requested a 1- to 2-page memo that describes the hospital’s protections against a ransomware attack. In your memo, include a chart with columns for Authorization, Authentication, Roles, and Mitigation. In each column, list related security protections the hospital should use to protect against ransomware attacks. Additionally, based on your chart, provide a final summary on how the hospital can mitigate the risk of a ransomware attack and how the hospital can respond if it does face such an attack.
Question 1You have recently been offered an intern position in your tertiary instution as a junior ComputerLab supervisor. Your manager wants you to take a leading role in managing the computer lab, inparticular, security data, applications and the network.Your manager requested you to explain the categories of attackers to everyone that will beattending the next staff meeting. In preparation of this, answer the following questions:Q.1.1 Using the Computer Lab scenario above, provide one example of an attack thateach of the attackers (A – C below) could use to attack/compromise the computerlab data, applications, or network security.Attacker Type ExampleA. HackavistsB. Script kiddiesC. InsidersQ.1.2 Describe how you would use any two security principles to defend against any ofthe attacks you mentioned in Q.1.1 above.Q.1.3 For the following concept, provide a definition and a suitable example. Includethe information security implication as well in your answer.• Thwarting identity…
Along with the firewall we constructed, identify three (3) important and distinct places in which our application and its environment remain susceptible, and suggest some alternate ways for mitigating those risks. Be precise, exhaustive, and critical. Consider writing this for your employer, but limit yourself to three paragraphs. Each paragraph should provide at least one vulnerability and one mitigation. 3 well-structured yet succinct paragraphs
SCENARIO 1: You have just completed a routine security audit on the company’s information systems, and you found several areas of vulnerability. For example, file permissions have not been updated in some time, no comprehensive password policy exists, and network traffic is not fully encrypted. You noted these areas, among others, in a report to your supervisor. The report included specific recommendations to fix the problems. Your supervisor responded by saying that budgets are tight right now, and she could not approve your requests to resolve these issues. As an IT professional, you are very uncomfortable with the risk level, but you have been unable to sway your supervisor. When you discussed the situation with a colleague, he said, “Why worry about it? If it’s good enough for her, it should be good enough for you.” What do you think of your colleague’s advice, and why? Is this an ethical question? If you are still is uncomfortable, what are your options? SCENARIO 2: You work for a…