Question

Which preventive, detective, and/or corrective controls would best mitigate the following threats? An employee’s laptop...

Which preventive, detective, and/or corrective controls would best mitigate the following threats?

  1. An employee’s laptop was stolen at the airport. The laptop contained personal information about the company’s customers that could potentially be used to commit identity theft.

  2. A salesperson successfully logged into the payroll system by guessing the payroll supervisor’s password.

  3. A criminal remotely accessed a sensitive database using the authentication credentials (user ID and strong password) of an IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters.

  4. An employee received an e-mail purporting to be from her boss informing her of an important new attendance policy. When she clicked on a link embedded in the e-mail to view the new policy, she infected her laptop with a keystroke logger.

  5. A company’s programming staff wrote custom code for the shopping cart feature on its website. The code contained a buffer overflow vulnerability that could be exploited when the customer typed in the ship-to address.

  6. A company purchased the leading “off-the-shelf” e-commerce software for linking its electronic storefront to its inventory database. A customer discovered a way to directly access the back-end database by entering appropriate SQL code.

  7. Attackers broke into the company’s information system through a wireless access point located in one of its retail stores. The wireless access point had been purchased and installed by the store manager without informing central IT or security.

  8. An employee picked up a USB drive in the parking lot and plugged it into his laptop to “see what was on it.” As a result, a keystroke logger was installed on that laptop.

  9. Once an attack on the company’s website was discovered, it took more than 30 minutes to determine who to contact to initiate response actions.

  10. To facilitate working from home, an employee installed a modem on his office workstation. An attacker successfully penetrated the company’s system by dialing into that modem.

  11. An attacker gained access to the company’s internal network by installing a wireless access point in a wiring closet located next to the elevators on the fourth floor of a high-rise office building that the company shared with seven other companies.

This needs to be 270 words.

Solutions

Expert Solution

The combined answer to the whole question is provided in one place.

