Explanation of Solution
a.
Threats:
A threat is a thing that can cause damage to the organization, IT systems or other networks.
Example:
If the user wants to transact amount through online, he/she must provide the bank details like account number and password over the web to access an account.
Threat in above example: The details of an account may be accessed by any intruder without user’s knowledge which leads to loss of information.
Types of threats:
There are three types of threats in system security. They are as follows:
- Human error...
Explanation of Solution
b.
Safeguards:
Safeguard is a measurement by an individual or organization to protect occurrence of threats. “Encryption” is a method which acts as a safeguard that encrypt the information of the company so that others can’t access the data.
The following components used to act as a safeguard to protect the system. They are:
- IDS (Intrusion Detection System).
- Brute force attack.
- Strong password.
- Cookie.
- CCleaner.
IDS:
- Intrusion detection system (IDS) is an application software or device which is used to monitor the networks or activities of the system for unauthorized access and threats to produce the caution reports to authorized user.
- The use of an IDS program is sobering because crime rate of the security is high so that, IDS will generate many false alarms that will compromise the effectiveness.
Brute force attack:
- Brute force attack is a method to find the login cardinalities by generating all possible routes and comparing their distances...
Explanation of Solution
c.
The safeguard can be categorized into three types, they are:
- Technical safeguard
- Data safeguard
- Human safeguard
Technical safeguards:
The technical components are involved to protect the data is known as technical safeguards. Hardware and software components mostly involved in it.
Five types of technical safeguards:
The technical safeguards can be divided into five types. There are:
- Identification and authentication
- Encryption
- Firewalls
- Malware protection
- Design for secure applications
Identification and authentication:
- Identification is uniquely identifying a person with some data credentials.
- For example: username, smart card, or anything else that uniquely identify the person.
- Authentication is a process that proving the identity of the person using credentials.
- For example: Giving right password proves the username of the person.
Encryption:
- Encryption is a process to transform the plain text into cipher text to protect data from unauthorized access. The cipher key will be decrypted using a “key”.
- Note: Key is a string used to unlock a message
Firewall:
- Firewall is a computer program used protects the system from an unauthorized access. It can be used in computers, routers or special purpose networks.
- The Purpose of the firewall is to filter the network traffic coming from, analyze the packet’s type and its contents then check the packets are part of authorized network.
- Normally organizations use multiple firewalls. They are:
- Perimeter firewall – It is used to check the outside network of the organization.
- Internal firewall – check the inside network of the organization.
- Packet filtering firewall – It examines each part of the packet.
Malware:
- Set of programs which are deleting or copy the data from user’s computer is known as malware. It is created for damage the computer’s data and it is created as malicious software.
- The malware can categorize into six types. They are:
- Virus
- Trojan horses
- Worm
- Spyware
- Adware
- Ransomware
Data safeguards:
Data safeguards is a protection guard that protect the
- Data administration
- Database administration
Data administration:
- Data administration is for developing data policies and enforcing data standards.
- It is an organization level component that is responsible for maintenance of the database, formatting and providing security for the organization data.
Database administration:
- Database administration is a function that is relevant to certain database...
Explanation of Solution
d.
The discussion about “Q10-4” is how the organizations respond to the security threats:
Senior management:
Senior management is a team to manage and control security threats and risk activities.
There are two critical security function needs to be addressed in senior management they are:
- Security policy
- Risk management
Security policy:
Security policy was established by an organization and it can vary by each component. For example, security policy in database states information about customers, suppliers, and employees.
Requirements of security policies:
The following minimum requirements need to stipulate the security policy about an organization.
- Information about sensitive data and shared data which is stored by an organization.
- Details of number of employees and others have copies of data about an organization.
- Request from employees and others to change the inaccurate data stored.
Security policies need to specify the following details:
- Check whether the organization is governmental or nongovernmental.
- Whether it is private sector or public...
Explanation of Solution
e.
List of security procedures to temporary employees:
The security procedures are vary to employees and temporary employees. Temporary employees are working on certain period. An organization provide some security procedures for temporary employees they are:
- Position definition
- Limited access
- Monitoring the employee
Position definition:
- An organization should teach the job description for authorities because security threats involved in each position...
Explanation of Solution
f.
List of procedures regarding with disaster plan:
An organization should take the following actions before security incident occurs. By using these actions, the organization can take the action to reduce the further loss.
- Plan.
- Backups and recovery.
Organization should have a plan before the disaster:
- Every organization should have a plan for disaster before the incident occurs...
Want to see the full answer?
Check out a sample textbook solutionChapter 10 Solutions
Using MIS (10th Edition)
- Broadly speaking, the assignment requires you to produce a 3000-word report that provides a critical reflection on a real-world security scenario provided in the case study, with evidence of risk assessment using suitable methodologies, and how this can inform mitigation of future incidents. The assignment also requires the delivery of a 10-minute presentation to disseminate the findings reported in your report, to address the role of Information Risk Management to the wider organisation. The assignment is described in more detail in section 2. This is an individual assignment. Working on this assignment will help you to develop your knowledge and understanding of applying risk methodologies to resolve real-world security incidents. It will also help to develop your critical thinking skills for identifying appropriate mitigation strategies to avoid future security incidents. If you have questions about this assignment, please post them to the discussion board "Information Risk…arrow_forward(Look for publicly available resources related to information security. Based from those references, answer the following questions below. Properly cite all the reference you will be using.) Why is there a need of Information security in every Organization?.arrow_forwardIn this section, you will prepare a risk mitigation plan using SimpleRisk. Before using SimpleRisk, you will create a paper-based plan. You will need to create three security controls in your risk mitigation plan: one control that reduces the asset value, one that reduces the vulnerability severity, and one that reduces the threat impact. Your security controls should also include examples of both strategic and tactical controls. You can refer to the following table for a clearer picture of the requirements. Security Control Reduces Level (strategic/tactical) Asset value Vulnerability severity Threat Impact Define three security controls designed to mitigate the risk associated with a recent leak of sensitive information that was stored in cleartext files. Once you have identified your security controls, use SimpleRisk to create a Risk Mitigation plan. You do not need to perform a management review in this section.arrow_forward
- Explain in the detail the elements of the spheres of security model. Document needs to have significant amount of detail explaining each component.arrow_forwardUsing a flow diagram, demonstrate how input validation of usernames/passwords should be performed using the positive security model.arrow_forwardAfter reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario. Discussion Questions Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that? How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance? Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?arrow_forward
- You have suggested the use of the National Training Standard for Information Security Professional (NTSIS) / CNSS security model, also known as the McCumbers cube. - Using a University as an example, discuss the three dimensions of the said CNSS Security model, giving a brief explanation of each of the 27 cells in the modelarrow_forwardWrite a 3 page paper titled “Hospital Information Systems SecurityWrite a 3 page paper (excluding title and reference pages) titled “Hospital Information Systems Security”. The assignment must include 2-3 APA references. Discuss the following in your paper:The fundamental concepts of information The principles associated with information securitySecurity conceptsPrinciples and models and education for the personnelAccess controlsBasic cryptography and its applicationsIntrusion detection and prevention ………………………… Added to cartarrow_forwardPost your answer to the Question (100 – 150 words): (1) Discuss the importance of policy in both daily life and information security. (2) Discuss the concept of GRC (Governance, Risk, and Compliance) in terms of information security. (3) Give an example of a company that applies GRC in Saudi Arabia. Note: You must write the discussion using your own words, and you must provide the references that you use (e.g., books, websites, articles) in your discussion.arrow_forward
- What do you mean by security objectives?arrow_forwardAssume that you will need a security model in order to maintain the confidentiality of the information pertaining to your class. Examine each of the cells with the use of the CNSS model, and then provide a brief remark on how you would approach the management of the three components that are found in that cell.arrow_forwardThere are two graphs presented from the CERT on reported incidents and vulnerabilities. Keep in mind the difference between an incident and vulnerability. While these charts are dated they still provide valuable trend information that continues to rise. Today, both security incidents and security vulnerabilities continue to rise for a variety of reasons. What reasons can you provide for the continuing upwards trend in the number of incidents reported? You should provide at least four (4) reasons with supporting data and reasoned arguments to support your answer. Good answers will provide facts, reasoned arguments and references that go beyond anecdotal information. Explain using facts, reasoned arguments and references that go beyond anecdotal information and link sources.arrow_forward
- Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning