Essentials of MIS (13th Edition)
13th Edition
ISBN: 9780134802756
Author: Kenneth C. Laudon, Jane Laudon
Publisher: PEARSON
expand_more
expand_more
format_list_bulleted
Question
Chapter 8, Problem 9HMP
Program Plan Intro
System vulnerability:
- When huge data amounts are been kept in electronic form, it becomes susceptible to many threats.
- The
information systems in many locations are been interconnected through communication networks. - The unauthorized access can occur at many access points in network and is not limited to single location.
- The data flowing over networks could be accessed; valuable information could be stolen while transmission or data could be altered without authorization.
- The denial-of-service attacks are launched by intruders to disrupt website operations.
- Internets are vulnerable than internal networks as it is open to everyone.
Explanation of Solution
Platform to address:
- First platform:
- o The Windows Vista Ultimate operated by high level administrators has access to areas that other users do not have.
- o The core system operations are affected by task of administrators.
- Second platform:
- o The windows server with corporate applications denotes second platform.
- o The business conduction may be affected if corporate applications are corrupted.
- Third platform:
- o The Sun Solaris with e-commerce and web servers denote third platform.
- o The internal operations are ensured to be safe and secure...
Explanation of Solution
Types of control problems:
- The types of control problems includes:
-
o General controls:
- It governs design, security, and use of computer programs and data file security.
- It is applied to all computerized applications.
- It consists of a combination of software, hardware and manual procedures that creates overall control environment.
- Windows Vista ultimate for high level administrators.
- Sun Solaris for e-commerce and web servers.
-
o Application controls:
- It denotes specific controls that are unique to each computerized application.
- It includes payroll or order processing.
- It includes both manual as well as automated procedures that ensure authorized data processing.
- It can be classified as input controls, output controls and processing controls...
-
o General controls:
Explanation of Solution
Risk of ignoring security vulnerabilities:
- The technical, environmental and organizational threats can be faced by information systems.
- The top priority should be given system security and it should be ensured by managers at all levels.
- The security awareness should be spread to all employees...
Expert Solution & Answer
Want to see the full answer?
Check out a sample textbook solution
Students have asked these similar questions
This week, your flooring sales and installation company client wants you to explain the different kinds of attack threats their business faces from hackers.
Write a 1- to 2-page memo or create a 1- to 2-page table that summarizes attack threats from hackers to any business, noting which are applicable to your client's business; how the vulnerabilities in a system can be exposed; and countermeasures that can mitigate against threats from attack.
Describe sniffing attacks, identify a protocol that is vulnerable to sniffing, and suggest appropriate countermeasures.
Describe session hijacking, provide an example of a specific threat from session hijacking, and recommend appropriate countermeasures for the threat.
Describe spoofing, provide an example of a specific threat from spoofing, and recommend appropriate countermeasures for the threat.
Describe poisoning attacks, provide an example of a specific threat from a poisoning attack, and recommend appropriate countermeasures…
CyberTech is a medium sized web application company that provides different software to its customers on SAS (Software as Service) model. After successful implementation and approaching maturity in business operations, board of the company decided to implement security framework to strengthen security posture and to gain more confidence of the customers.CISO of the organization recommends adopting ISO27001:2013 standard and get certified. CISO’s recommendations being appreciated by board and the CIO. CISO is being asked to write a report to explain;a. Steps involved in implementation of the standard.b. Deliverables associated with each step.Write an advisory report to the CIO covering the topics.
The organization you work for in Abu Dhabi is a startup company with 2 years in business. To comply with regulations, your CISO has decided to propose implementation of Information Security Management System (ISMS). As a member of the security team, you have to analyze the business needs for ISMS. Demonstrate effective contributions to the ISMS project team relevant to an assigned task as below:
Introduce the Organization
Demonstrate your project team
Highlight the roles and responsibilities of each team member on the project
Develop the ISMS for the organization by utilizing all the steps of from the ISO Standard 27001.
Chapter 8 Solutions
Essentials of MIS (13th Edition)
Ch. 8.1 - Prob. 1CQ1Ch. 8.1 - Prob. 2CQ1Ch. 8.1 - Prob. 3CQ1Ch. 8.1 - Prob. 4CQ1Ch. 8.4 - Prob. 1CQ2Ch. 8.4 - Prob. 2CQ2Ch. 8.4 - Prob. 3CQ2Ch. 8.4 - Prob. 4CQ2Ch. 8 - Prob. 1IQCh. 8 - Prob. 2IQ
Ch. 8 - Prob. 3IQCh. 8 - Prob. 4IQCh. 8 - Prob. 5IQCh. 8 - Prob. 1RQCh. 8 - Prob. 2RQCh. 8 - Prob. 3RQCh. 8 - Prob. 4RQCh. 8 - Prob. 5DQCh. 8 - Prob. 6DQCh. 8 - Prob. 7DQCh. 8 - Prob. 8HMPCh. 8 - Prob. 9HMPCh. 8 - Prob. 11CTPCh. 8 - Prob. 12CTPCh. 8 - Prob. 13CSQCh. 8 - Prob. 14CSQCh. 8 - Prob. 15CSQCh. 8 - Prob. 16CSQCh. 8 - Prob. 17MLMCh. 8 - Prob. 18MLM
Knowledge Booster
Similar questions
- You are the new information security consultant company for the XYZ Group, a medium-sized software development company. Before hiring you, the company had been plagued with security incidents that are listed below. Management has asked you to help assess the risk and conduct a cost/benefit analysis of proposed solutions. Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce a new software that will be a major upgrade to the previous model. It should regain the company's market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is…arrow_forwardChain Link Consulting is an IT consulting firm that specializes in system security issues. The company’s president has asked you to help her put together a presentation to a group of potential clients at a trade show meeting next month. First, she wants you to review system security issues, considering all six security levels. Then she wants you to come up with a list of ways that Chain Link could test a client’s security practices, in order to get a real-world assessment of vulnerability. To make matters more interesting, she told you it was OK to be creative in your recommendations, but not to propose any action that would be illegal or unethical. For example, it would be OK to pose as a job applicant with false references to see if they were being checked, but it would not be appropriate to pick a lock and enter the computer room. Your report is due tomorrow. What will you suggest?arrow_forwardChain Link Consulting is an IT consulting firm that specializes in system security issues. The company’s president has asked you to help her put together a presentation to a group of potential clients at a trade show meeting next month. First, she wants you to review system security issues, considering all six security levels. Then she wants you to come up with a list of ways that Chain Link could test a client’s security practices, in order to get a real-world assessment of vulnerability. To make matters more interesting, she told you it was OK to be creative in your recommendations, but not to propose any action that would be illegal or unethical. For example, it would be OK to pose as a job applicant with false references to see if they were being checked, but it would not be appropriate to pick a lock and enter the computer room. Your report is due tomorrow. What will you suggest? Explain your answer thoroughly and explain well.arrow_forward
- As the agile security officer for a financial company, you need to ensure the organization's use of secure communication channels to customers both domestic and international meet government export regulations. Using the Vulnerability Assessment Process Flow diagram, identify which of the seven areas of security best apply to the scenario above. Select all that apply. Input Validation: Secure input and representations | APIS: Secure API interactions Cryptography: Encryption use and vulnerabilities Client/Server: Secure distributed computing | Code Error: Secure error handling Code Quality: Secure coding practice/patterns Encapsulation: Secure data structuresarrow_forwardHarold would like to implement a security solution that allows him to correlate information from a variety of security systems and identify potential security events. Which technology best meets this need?arrow_forwardWhat are the key security challenges in IoT deployments, and how can they be mitigated?arrow_forward
- What security challenges are associated with IoT deployments, and how can they be mitigated?arrow_forwardSophos is a security company dealing with advanced anti-virus software tools for desktops, servers, and web servers. They have clients across the globe. They also provide their limited anti-virus tools for free to individual users for trial purposes. Develop a basic resource list (with at least four critical resources) for this business that could form part of your risk management activities. Justify why each resource should be included in this list by highlighting its risk sensitivity and risk tolerance.arrow_forwarda Cybersecurity expert has determined ICS vulnerability would destroy 50 percent of the process asset that is valued $10,000,000. The vulnerability has the projected occurrence of once every 4 years. The mitigation control for the ICS vulnerability is $5,500,000 with annual maintenance cost of $300,000. What is your recommended way forward in addressing the vulnerability?arrow_forward
- A best practice for performing vulnerability assessments within the seven domains of a typical IT infrastructure is to identify assets first. Why should you identify assets before performing vulnerability scans?arrow_forwardDiscuss the main security challenges associated with IoT applications and how they can be mitigated.arrow_forwardThe United States Air Force (USAF) recently announced that it will outsource "low-hanging" IT operations so that airmen are focused on Cyber Mission Defense teams. You work as a Security Analyst for IBM and have been asked to write a briefing on how your company can provide the IT products and services needed by the USAF that provide a layered, or Defense-in-depth, security architecture. Detail how your recommendations will meet the national strategy to deny, deter, deflect, delay and detect cyber-attacks.arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Principles of Information Systems (MindTap Course...Computer ScienceISBN:9781285867168Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning