Question: Which preventive, detective, and/or corrective controls would best mitigate the following threats?
An employee’s laptop was stolen at the airport. The laptop contained personal information about the company’s customers that could potentially be used to commit identity theft.
A salesperson successfully logged into the payroll system by guessing the payroll supervisor’s password.
A criminal remotely accessed a sensitive database using the authentication credentials (user ID and strong password) of an IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters.
An employee received an e-mail purporting to be from her boss informing her of an important new attendance policy. When she clicked on a link embedded in the e-mail to view the new policy, she infected her laptop with a keystroke logger.
A company’s programming staff wrote custom code for the shopping cart feature on its website. The code contained a buffer overflow vulnerability that could be exploited when the customer typed in the ship-to address.
A company purchased the leading “off-the-shelf” e-commerce software for linking its electronic storefront to its inventory database. A customer discovered a way to directly access the back-end database by entering appropriate SQL code.
Attackers broke into the company’s information system through a wireless access point located in one of its retail stores. The wireless access point had been purchased and installed by the store manager without informing central IT or security.
An employee picked up a USB drive in the parking lot and plugged it into his laptop to “see what was on it.” As a result, a keystroke logger was installed on that laptop.
Once an attack on the company’s website was discovered, it took more than 30 minutes to determine who to contact to initiate response actions.
To facilitate working from home, an employee installed a modem on his office workstation. An attacker successfully penetrated the company’s system by dialing into that modem.
An attacker gained access to the company’s internal network by installing a wireless access point in a wiring closet located next to the elevators on the fourth floor of a high-rise office building that the company shared with seven other companies.
Answer:
Step-by-step solution
Step 1 of 11
Preventive and detective/corrective controls on the threats:
a)
Consider the case in which an employee's laptop containing personal information about the company's customers is stolen at the airport. In this case, the theft of the information can be prevented by the following actions:
Preventive measure:
• Sensitive information stored on the laptop must be encrypted.
• Train employees who carry laptops containing personal information about the risk of theft.
Corrective:
• Installing “phone home” software helps the organization recover the sensitive information on the laptop, or the information can be erased remotely.
Step 2 of 11
b)
Consider the case in which a salesperson enters the payroll system by guessing the supervisor's password.
Preventive measure:
• Password requirements must be set strong enough, using choices such as multiple character types, random characters, a length of at least 8 characters, and frequent password changes.
Detective:
• If there are more than 3 to 5 unsuccessful attempts, lock out the account, since this resembles a password-guessing attack.
Step 3 of 11
c)
Assume that while the IT (Information Technology) manager is logged on to the system at his workstation at headquarters, a criminal at the same time accesses the sensitive database using the authentication credentials (login ID and password) of that user.
Preventive measure:
• The database must be integrated with both physical and logical security.
• Next, the system must not allow the user to log in remotely whenever the physical workstation is logged on.
Detective:
• If the database is integrated in this way, it identifies that appropriate security protects the database.
Step 4 of 11
d)
The employee receives an e-mail from her boss regarding a new attendance policy. When she clicks the respective link, the computer is infected with a keystroke logger.
Preventive measure:
• Since the above case is a common phishing scam attack, employees must be trained through a security awareness program to prevent this problem.
Detective and corrective measure:
• Anti-spyware software must be installed on all the company's information system computers, which helps to detect and clean the spam that is automatically detected during an employee's logon process.
Step 5 of 11
e)
Consider the case in which a company's staff writes custom code for the shopping cart, but the code contains a buffer overflow vulnerability that is triggered when typing the shipping address.
Preventive measure:
• Programmers must be trained in secure programming practices.
• Programmers' testing practice must check the user's input.
• The organization's management should ensure that employees follow these programming practices, even though this causes some delay in the deployment and testing of new programs.
Detective:
• Before being put into the environment, programs must be thoroughly tested with test cases.
• Next, the internal auditor must keep testing newly developed in-house software.
Step 6 of 11
f)
The company's purchased e-commerce software links the electronic storefront to the inventory database. A customer identified a way to access the back-end database by entering SQL (Structured Query Language) code.
Preventive measure:
• Maintain secure code during the installation of third-party software.
• Test the software completely before using it.
• Implement a patch management program so that any vendor-provided patches and fixes are immediately applied.
Step 7 of 11
g)
The case is that the attacker enters the information system of a retail store through a wireless access point. Due to damage to the access point, the store manager unknowingly installs a new wireless access point without informing security or Information Technology.
Preventive measure:
• Unauthorized wireless access points are stopped by implementing a policy.
Detective:
• Conducting routine audits of the company's information system helps to identify unauthorized wireless access points.
Corrective:
• Dismiss employees who violate the policy and install unauthorized wireless access points.
Step 8 of 11
h)
An employee picks up a USB drive from the parking lot and plugs it into his/her laptop to see the information, but unfortunately a keystroke logger ends up on the laptop.
Preventive measure:
• Security training must be given to employees. It must teach them never to insert USB drives other than those from a known source.
• Anti-spyware software must be installed on all the company's information system computers, which helps to detect and clean the spam that is automatically detected during an employee's logon process.
Step 9 of 11
i)
The case is that there is an attack on the company's website, and it takes 30 minutes to identify the person who should initiate the response action.
Preventive measure:
• The company must maintain a document listing the members and their contact information.
• Practice the incident response plan according to the attack.
Step 10 of 11
j)
In this case an employee, for his/her own convenience, installed a modem on an office workstation. Unfortunately, an attacker attacks the company's information system by dialing into the modem.
Preventive measure:
• Routinely check for unauthorized modems by dialing company-allocated telephone numbers.
Step 11 of 11
k)
Consider the case in which an attacker attacks the company's internal network through a wireless access point located next to the elevators, in a building shared with seven computers.
Preventive measure:
• Lock all the wiring closets.
• Implement intruder detection.
• When authenticating to the system through a wireless client, require strong authentication to log into the system.
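As an added illustration, not part of the original answer, of the detective controls in steps b) and c), the Python below runs two checks over a constructed authentication log: account lockout after a threshold of consecutive failed logins (and any login that succeeds despite it), and a remote login by a user who still has an active workstation session at headquarters. The log format, the vpn-remote / ws-hq source naming and the threshold of 3 are assumptions.

```python
from collections import defaultdict

# Constructed sample authentication log (not from the original page); fields: time user result source
SAMPLE_LOG = """\
09:00:01 jsmith SUCCESS ws-hq-17
09:05:10 psuper FAIL vpn-remote
09:05:14 psuper FAIL vpn-remote
09:05:19 psuper FAIL vpn-remote
09:05:25 psuper FAIL vpn-remote
09:05:31 psuper SUCCESS vpn-remote
09:20:00 itmgr SUCCESS ws-hq-03
09:21:45 itmgr SUCCESS vpn-remote
09:30:00 jsmith LOGOUT ws-hq-17
09:31:00 jsmith SUCCESS vpn-remote
"""

LOCKOUT_THRESHOLD = 3  # hypothetical policy value, within the 3 to 5 range the answer cites

def parse_log(text):
    """Split each non-empty line into a (time, user, result, source) tuple."""
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]

def analyze(events, threshold=LOCKOUT_THRESHOLD):
    """(b) consecutive failures reaching the threshold lock the account; a later SUCCESS is flagged.
    (c) a remote SUCCESS while the same user still holds an HQ workstation session is flagged."""
    failures = defaultdict(int)   # consecutive failed attempts per account
    locked = set()                # accounts that hit the lockout threshold
    local_session = {}            # user -> workstation with a live interactive session
    findings = []
    for time, user, result, source in events:
        remote = source.startswith("vpn-")   # assumed naming: vpn-* sources are remote
        if result == "FAIL":
            failures[user] += 1
            if failures[user] == threshold:
                locked.add(user)
                findings.append((time, user, "lockout_triggered"))
        elif result == "SUCCESS":
            if user in locked:               # lockout should have blocked this login
                findings.append((time, user, "login_despite_lockout"))
            failures[user] = 0
            if remote and user in local_session:
                findings.append((time, user, "remote_while_local_active"))
            elif not remote:
                local_session[user] = source
        elif result == "LOGOUT":
            local_session.pop(user, None)    # session ended; later remote logins are normal
    return findings

if __name__ == "__main__":
    print("\n".join(" ".join(f) for f in analyze(parse_log(SAMPLE_LOG))))
```

The jsmith lines show the no-alert case: a remote login after the workstation session has been logged out is not flagged.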