Essentials of MIS (13th Edition)
13th Edition
ISBN: 9780134802756
Author: Kenneth C. Laudon, Jane Laudon
Publisher: PEARSON
expand_more
expand_more
format_list_bulleted
Question
Chapter 8, Problem 3RQ
Program Plan Intro
System vulnerability:
- When huge data amounts are been kept in electronic form, it becomes susceptible to many threats.
- The information systems in many locations are been interconnected through communication networks.
- The unauthorized access can occur at many access points in network and is not limited to single location.
- The data flowing over networks could be accessed; valuable information could be stolen while transmission or data could be altered without authorization.
- The denial-of-service attacks are launched by intruders to disrupt website operations.
- Internets are vulnerable than internal networks as it is open to everyone.
Explanation of Solution
Application Controls:
- Application controls denote specific controls that are exclusive to each application.
- It includes both manual as well as automated procedures.
- It ensures that authorized data is been processed by application.
- The types include:
-
o Input controls:
- It checks data for correctness as well as completeness while they go in system...
-
o Input controls:
Explanation of Solution
Risk assessment function:
- A risk assessment would determine risk level to firm if an explicit activity is not controlled properly.
- The information assets value, vulnerability point, likely problem frequency and damage potential can be determined by business managers.
- Controls could be added or adjusted to focus on greater risk areas.
- Security risk analysis would involve determination of what is needed to be protected and the manner to protect.
- It denotes an examining process for risks of firm and ranking for those risks by severity level.
- The cost effective decisions are been involved in process...
Explanation of Solution
Security policy, Acceptable use policy and Identity management:
- A security policy denotes ranking of information risks, identification of acceptable goals of security as well as identification of
mechanism to achieve goals.- o It drives policies that determine acceptable information resource usage of firm.
- o It determines access details of company’s information assets.
- An acceptable use policy denotes acceptable uses of resources of firm and equipment for computing.
- o It includes desktop, laptop, wireless devices, Internet and telephones.
- o It clarifies privacy, responsibility of user as well as personal usage for company equipment policies...
Explanation of Solution
Information systems auditing promotes control and security:
Information system auditing determines effectiveness of information system security as well as control.- An MIS audit would identify all control...
Expert Solution & Answer
Want to see the full answer?
Check out a sample textbook solution
Students have asked these similar questions
PurposeThis course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.Learning Objectives and OutcomesSuccessful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:Evaluate compliance laws relevant to the U.S. Department of Defense.Assess policy frameworks appropriate for an organization in a given scenario.Evaluate security controls and standards for the seven domains of a typical IT infrastructure.Develop DoD-compliant policies for an organization’s IT infrastructure.Required Source Information and ToolsWeb References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on January 4, 2022. The following tools and resources will be needed to complete this…
There are various enacted statutes or laws that address different aspects of cybersecurity.
1.) What piece of legislation (law) do you think has been most impactful in this realm and why? Be sure to give the name of a state or federal statute (law), a brief description discussing its purpose, and how it has impacted cybersecurity from a legal perspective.
true or false
4. The security policy develops over time and is a living document that the company and security officer must review and update at regular intervals.
Chapter 8 Solutions
Essentials of MIS (13th Edition)
Ch. 8.1 - Prob. 1CQ1Ch. 8.1 - Prob. 2CQ1Ch. 8.1 - Prob. 3CQ1Ch. 8.1 - Prob. 4CQ1Ch. 8.4 - Prob. 1CQ2Ch. 8.4 - Prob. 2CQ2Ch. 8.4 - Prob. 3CQ2Ch. 8.4 - Prob. 4CQ2Ch. 8 - Prob. 1IQCh. 8 - Prob. 2IQ
Ch. 8 - Prob. 3IQCh. 8 - Prob. 4IQCh. 8 - Prob. 5IQCh. 8 - Prob. 1RQCh. 8 - Prob. 2RQCh. 8 - Prob. 3RQCh. 8 - Prob. 4RQCh. 8 - Prob. 5DQCh. 8 - Prob. 6DQCh. 8 - Prob. 7DQCh. 8 - Prob. 8HMPCh. 8 - Prob. 9HMPCh. 8 - Prob. 11CTPCh. 8 - Prob. 12CTPCh. 8 - Prob. 13CSQCh. 8 - Prob. 14CSQCh. 8 - Prob. 15CSQCh. 8 - Prob. 16CSQCh. 8 - Prob. 17MLMCh. 8 - Prob. 18MLM
Knowledge Booster
Similar questions
- The majority of individuals agree that creating proper security rules and consistently implementing them are necessary actions to take. Describe the importance of creating, implementing, and maintaining security policies.arrow_forwardQuestion Design a case study involving a hypothetical cybersecurity scenario by using this outline 1. The various types of stakeholders potentially affected by the case, and the differentstakes/interests they have in the outcome.2. The different types of cybersecurity professionals or practitioners that might be involved in a case like this, and their specific responsibilities.3. The potential benefits and risks of harm that could be created by effective or ineffective cybersecurity practices in the case, including ‘downstream’ impacts. 4. The ethical challenges most relevant to this case 5. The ethical obligations to the public that such a case might entail for the cybersecurity professionals involved.6. Any potential in the case for disparate impacts on others, and how those impacts might affect the lives of different stakeholders7. The ethical best-case scenario (the best outcome for others that the cybersecurity practitioners involved could hope to secure from their practice)…arrow_forwardImplementing strategy for an information security governance. Explain in detail.arrow_forward
- Subject : LEGAL AND ETHICAL ASPECTS OF INFORMATION SYSTEMS Explain why a successful information security program is the responsibility of both an organization’s general management and IT management?arrow_forwardA security control is a specific action or procedure provided to protect confidentiality, integrity and availability of information/systems. Explain information security control with respect to the following: (i) Administrative Controls (ii) Technical or Logical Controls (iii) Physical Controlsarrow_forwardPrinciples of Information Security Discuss Information Security Governance in terms of its role in reaching secure information system.arrow_forward
- Industrial system security. What is an article, or information resource regarding security awareness and implementing security in an Industrial Control environment?arrow_forwardComputer Science Pick one security law that most interests you with an emphasis on the areas that impact information security and assurance. Write a 1 page summary that includes what it is, what is its purpose/relevance, why is it important, who or what it applies to, ramnifications if not followed, and impact on information and assurance.arrow_forwardExamples aid in communicating. This section discusses how standard personnel practices are merged with controls and information security concepts to become part of the information security role.arrow_forward
- A security mechanism is a method, tool or procedure for enforcing a security policy. (a) What are the different types of mechanisms that can be used to secure the system? Give ONE (1) example for each mechanism.arrow_forward10 steps to a successful security policy within an organization.arrow_forwardList at least five components of security goalsarrow_forward
arrow_back_ios
arrow_forward_ios
Recommended textbooks for you
Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Principles of Information Systems (MindTap Course...Computer ScienceISBN:9781305971776Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Fundamentals of Information SystemsComputer ScienceISBN:9781305082168Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Principles of Information Systems (MindTap Course...Computer ScienceISBN:9781285867168Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Fundamentals of Information Systems
Computer Science
ISBN:9781305082168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning