The following is a list of 10 common security problems. For each problem, describe why it is a problem and choose a control plan from this chapter that would prevent or detect the problem from occurring. Criminals posing as small business owners obtained names, addresses, and social security numbers from an organization whose business is providing such information only to legitimate customers who have a right to the data. An executive of a financial services firm implements a wireless network so that she can work at home from anywhere in her house. After setting up the network, she logs on using the default password. An organization’s top salesman uses a consumer-grade instant messaging (IM) client (e.g., AOL Instant Messaging). Such clients bypass antivirus and spam software, don’t have auditing and logging capabilities, and allow users to choose their IM names. A financial analyst’s laptop was stolen from his car. The laptop contained the names and social security numbers of 27,500 current and former employees. To keep track of the passwords used to access various computer systems, employees create Word documents listing their passwords and store the document with the name “passwords.doc.” Backup disks that included information on 3.9 million credit card customers were lost in transit to a credit bureau. Data included names, social security numbers, account numbers, and payment histories. Private and sensitive information is sent to multiple persons via e-mail. The e-mails include all addressee names within the e-mail address list. An individual made millions by purchasing bank account information from eight employees of various banks. He had approximately 540,000 accounts in his database. Some bank employees were accessing up to 300 customer accounts each week to obtain the account information that they were selling. A third-party processor of credit card transactions allowed an unauthorized individual to infiltrate its network and access cardholder data. An individual sold his cell phone on eBay. The cell phone contained hundreds of confidential business-related e-mails.
The following is a list of 10 common security problems. For each problem, describe why it is a problem and choose a control plan from this chapter that would prevent or detect the problem from occurring.
-
Criminals posing as small business owners obtained names, addresses, and social security numbers from an organization whose business is providing such information only to legitimate customers who have a right to the data.
-
An executive of a financial services firm implements a wireless network so that she can work at home from anywhere in her house. After setting up the network, she logs on using the default password.
-
An organization’s top salesman uses a consumer-grade instant messaging (IM) client (e.g., AOL Instant Messaging). Such clients bypass antivirus and spam software, don’t have auditing and logging capabilities, and allow users to choose their IM names.
-
A financial analyst’s laptop was stolen from his car. The laptop contained the names and social security numbers of 27,500 current and former employees.
-
To keep track of the passwords used to access various computer systems, employees create Word documents listing their passwords and store the document with the name “passwords.doc.”
-
Backup disks that included information on 3.9 million credit card customers were lost in transit to a credit bureau. Data included names, social security numbers, account numbers, and payment histories.
-
Private and sensitive information is sent to multiple persons via e-mail. The e-mails include all addressee names within the e-mail address list.
-
An individual made millions by purchasing bank account information from eight employees of various banks. He had approximately 540,000 accounts in his database. Some bank employees were accessing up to 300 customer accounts each week to obtain the account information that they were selling.
-
A third-party processor of credit card transactions allowed an unauthorized individual to infiltrate its network and access cardholder data.
-
An individual sold his cell phone on eBay. The cell phone contained hundreds of confidential business-related e-mails.
Trending now
This is a popular solution!
Step by step
Solved in 3 steps with 3 images