YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing inhip-hop music. Born in the internet era, the company has actively supported laptops and tablets, so staffcan easily work remotely. They can access the company databases through the internet and provide onlineinformation to customers. This decision to support remote work has increased productivity and high moraleamong employees who were allowed to work up to two (2) days a week from home. Based on writtenprocedures and a training course, employees learn security procedures to avoid the risk of unauthorizedaccess to company data. Employees’ access to the company data includes using log-on IDs and passwordsto the application server through a virtual private network (VPN). Initial passwords are assigned by thesecurity administrator. When the employee logs on for the first time, the system forces a password changeto improve confidentiality. Management is currently considering ways to improve security protection forremote access by employees.YGE ask its information system (IS) auditor to review its new VPN implementation to accommodate theincrease in remote work. The auditor discovers that the organization needed to enable remote access toone of its servers for remote maintenance purposes. The firewall policy did not allow any external accessto the internal systems. Therefore, it was decided to install a modem on that server and activate the remoteaccess service to permit dial-up access. To mitigate any vulnerabilities associated with dial-up modems, apolicy has been implemented to manually power the modem only when the third party requests access tothe server and is powered off by the company’s system administrator when the access is no longer needed.Because more and more systems are being maintained remotely, the company asks an IS auditor toevaluate the current risk of the existing solution and propose the best strategy for addressing futureconnectivity requirements.Required:a. When an employee notifies the company that he/she has forgotten his/her password, what should bedone FIRST by the security administrator?b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing remoteaccess practice?c. What control may be implemented to prevent an attack on the internal network initiated through aninternet VPN connection?d. What test is MOST important for the IS auditor to perform as part of the review of dial-up accesscontrols?
YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing inhip-hop music. Born in the internet era, the company has actively supported laptops and tablets, so staffcan easily work remotely. They can access the company databases through the internet and provide onlineinformation to customers. This decision to support remote work has increased productivity and high moraleamong employees who were allowed to work up to two (2) days a week from home. Based on writtenprocedures and a training course, employees learn security procedures to avoid the risk of unauthorizedaccess to company data. Employees’ access to the company data includes using log-on IDs and passwordsto the application server through a virtual private network (VPN). Initial passwords are assigned by thesecurity administrator. When the employee logs on for the first time, the system forces a password changeto improve confidentiality. Management is currently considering ways to improve security protection forremote access by employees.YGE ask its information system (IS) auditor to review its new VPN implementation to accommodate theincrease in remote work. The auditor discovers that the organization needed to enable remote access toone of its servers for remote maintenance purposes. The firewall policy did not allow any external accessto the internal systems. Therefore, it was decided to install a modem on that server and activate the remoteaccess service to permit dial-up access. To mitigate any vulnerabilities associated with dial-up modems, apolicy has been implemented to manually power the modem only when the third party requests access tothe server and is powered off by the company’s system administrator when the access is no longer needed.Because more and more systems are being maintained remotely, the company asks an IS auditor toevaluate the current risk of the existing solution and propose the best strategy for addressing futureconnectivity requirements.Required:a. When an employee notifies the company that he/she has forgotten his/her password, what should bedone FIRST by the security administrator?b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing remoteaccess practice?c. What control may be implemented to prevent an attack on the internal network initiated through aninternet VPN connection?d. What test is MOST important for the IS auditor to perform as part of the review of dial-up accesscontrols?
Essentials Of Business Analytics
1st Edition
ISBN:9781285187273
Author:Camm, Jeff.
Publisher:Camm, Jeff.
Chapter6: Data Mining
Section: Chapter Questions
Problem 6P
Related questions
Question
YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing inhip-hop music. Born in the internet era, the company has actively supported laptops and tablets, so staffcan easily work remotely. They can access the company databases through the internet and provide onlineinformation to customers. This decision to support remote work has increased productivity and high moraleamong employees who were allowed to work up to two (2) days a week from home. Based on writtenprocedures and a training course, employees learn security procedures to avoid the risk of unauthorizedaccess to company data. Employees’ access to the company data includes using log-on IDs and passwordsto the application server through a virtual private network (VPN). Initial passwords are assigned by thesecurity administrator. When the employee logs on for the first time, the system forces a password changeto improve confidentiality. Management is currently considering ways to improve security protection forremote access by employees.YGE ask its information system (IS) auditor to review its new VPN implementation to accommodate theincrease in remote work. The auditor discovers that the organization needed to enable remote access toone of its servers for remote maintenance purposes. The firewall policy did not allow any external accessto the internal systems. Therefore, it was decided to install a modem on that server and activate the remoteaccess service to permit dial-up access. To mitigate any vulnerabilities associated with dial-up modems, apolicy has been implemented to manually power the modem only when the third party requests access tothe server and is powered off by the company’s system administrator when the access is no longer needed.Because more and more systems are being maintained remotely, the company asks an IS auditor toevaluate the current risk of the existing solution and propose the best strategy for addressing futureconnectivity requirements.Required:a. When an employee notifies the company that he/she has forgotten his/her password, what should bedone FIRST by the security administrator?b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing remoteaccess practice?c. What control may be implemented to prevent an attack on the internal network initiated through aninternet VPN connection?d. What test is MOST important for the IS auditor to perform as part of the review of dial-up accesscontrols?
Expert Solution
This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
Step by step
Solved in 2 steps
Knowledge Booster
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, accounting and related others by exploring similar questions and additional content below.Recommended textbooks for you
Essentials Of Business Analytics
Statistics
ISBN:
9781285187273
Author:
Camm, Jeff.
Publisher:
Cengage Learning,
Managerial Accounting: The Cornerstone of Busines…
Accounting
ISBN:
9781337115773
Author:
Maryanne M. Mowen, Don R. Hansen, Dan L. Heitger
Publisher:
Cengage Learning
Cornerstones of Cost Management (Cornerstones Ser…
Accounting
ISBN:
9781305970663
Author:
Don R. Hansen, Maryanne M. Mowen
Publisher:
Cengage Learning
Essentials Of Business Analytics
Statistics
ISBN:
9781285187273
Author:
Camm, Jeff.
Publisher:
Cengage Learning,
Managerial Accounting: The Cornerstone of Busines…
Accounting
ISBN:
9781337115773
Author:
Maryanne M. Mowen, Don R. Hansen, Dan L. Heitger
Publisher:
Cengage Learning
Cornerstones of Cost Management (Cornerstones Ser…
Accounting
ISBN:
9781305970663
Author:
Don R. Hansen, Maryanne M. Mowen
Publisher:
Cengage Learning
Principles of Accounting Volume 2
Accounting
ISBN:
9781947172609
Author:
OpenStax
Publisher:
OpenStax College
Accounting Information Systems
Accounting
ISBN:
9781337619202
Author:
Hall, James A.
Publisher:
Cengage Learning,