CODE GALORE CASELET
1. What are some of the emerging IT security technologies that should be considered in solving the Problem related to the case?
Ans. The Problem areas in this case are:
1 The employees from the newly acquired company Skyhaven can have access to sensitive data of Code Galore because both servers have vulnerabilities that could allow an attacker to gain unauthorised remote privileged access it can be solved by using biometric security or face recognition methods as access methods that would make the data highly secure but since the company has cash crunch they can opt for access rights and permissions to the required users.
2 The source code from Skyhaven that is to be merged with the one from Codegalore is…show more content… 3. Change leads to risk, and some significant changes have occurred. Which of these changes lead to the greatest risk?
Ans. The areas of greatest risk are :
1 Data Security: Since the companies have merged this is of prime importance as who gets to access what.
2 Confidentiality of data: The employees of Skyhaven may have access to the confidential data of code galore.
4 . Imagine that three of the greatest risk events presented themselves in worst-case scenarios. What would be some of these worst-case scenarios?
Ans. The worst case scenarios would be:
1 The computers of code galore which are connected to those of Skyhaven become attacked by malicious software and viruses, that would really jeopardize the business.
2 Since the security is weak it can cause problems if the sensitive data is leaked out of the company in any way.
5. How can the CSO in this scenario most effectively communicate newly and previously identified risk events that have grown because of the changes to senior management?
Ans. The CSO can document what are the risks involved in both the cases .He should also document his suggestion s for the mitigation of new risks. He should arrange meetings with the senior management and highlight the areas which need a prompt response before they go out of hand and lead to further losses for the company. The areas of data security and access rights have to addressed