Pearson eText for Software Engineering -- Instant Access (Pearson+)
10th Edition
ISBN: 9780137503148
Author: Ian Sommerville
Publisher: PEARSON+
Expert Solution & Answer
Chapter 13, Problem 13.2E
Explanation of Solution
Mentcare System:
The Mentcare system is used in many healthcare facilities. It is designed for use in clinics attended by patients suffering from mental health problems, and it records details of their consultations and conditions.
- Asset: An asset is any resource owned by the business. For the Mentcare healthcare system, an asset can be the local customer database stored in the hospital’s database.
- Exposure: Exposure is the state of having no protection from harmful situations. For the Mentcare healthcare system, an exposure can be the loss of consultation records, which could have clinical consequences.
- Vulnerability: Vulnerability is being exposed to the possibility of being attacked. For the Mentcare healthcare system, a vulnerability can arise when a physician leaves a consultation with a patient but leaves them logged into systems...
Students have asked these similar questions
Write a scenario or situation that shows attacks that affected a system, then suggest security mechanisms can be used to protect the victim from such attacks. Write and explain this with give references?
Which of the following is true regarding vulnerability appraisal?
a. Vulnerability appraisal is always the easiest and quickest step.
b. Every asset must be viewed in light of each threat.
c. Each threat could reveal multiple vulnerabilities.
d. Each vulnerability should be cataloged.
Which of the following is the best description of purpose of risk management?
a. To implement measures to reduce risks to an acceptable level.
b. To outline the threats to which IT resources are exposed.
c. To determine the damage caused by possible security incidents.
d. To determine the probability that a certain risk will occur.
Similar questions
- Write a scenario or situation that shows attacks that affected a system, then suggest security mechanisms can be used to protect the victim from such attacks.
- What is a person or element that has the power to carry out a threat? a. Threat actor b. Agent c. Risk exploiter d. Cyber invader
- There are two graphs presented from the CERT on reported incidents and vulnerabilities. Keep in mind the difference between an incident and vulnerability. While these charts are dated they still provide valuable trend information that continues to rise. Today, both security incidents and security vulnerabilities continue to rise for a variety of reasons. What reasons can you provide for the continuing upwards trend in the number of incidents reported? You should provide at least four (4) reasons with supporting data and reasoned arguments to support your answer. Good answers will provide facts, reasoned arguments and references that go beyond anecdotal information. Explain using facts, reasoned arguments and references that go beyond anecdotal information and link to sources. PLEASE ADD YOUR SOURCES! Please have clear writing as well! Thank you!
- Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells, and write a brief statement on how you would address the three components of each cell.
- Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells and write a brief statement on how you would address the three components occupying that cell.
- In this section, you will prepare a risk mitigation plan using SimpleRisk. Before using SimpleRisk, you will create a paper-based plan. You will need to create three security controls in your risk mitigation plan: one control that reduces the asset value, one that reduces the vulnerability severity, and one that reduces the threat impact. Your security controls should also include examples of both strategic and tactical controls. You can refer to the following table for a clearer picture of the requirements. Security Control Reduces Level (strategic/tactical) Asset value Vulnerability severity Threat Impact Define three security controls designed to mitigate the risk associated with a recent leak of sensitive information that was stored in cleartext files. Once you have identified your security controls, use SimpleRisk to create a Risk Mitigation plan. You do not need to perform a management review in this section.
- Read the comic operational survival. What security context is mentioned in this comic? (hint: remember that threat must be human, not natural).
- Imagine that a virus was attached to an email that was sent to Jim, and that this email caused Jim to get infected with the virus. Are you able to provide a description of this attack, including the vulnerabilities, hazards, and those who committed it?
- Using concrete examples might help you make your point more clear. In order to be a part of the information security function, conventional personnel practises are merged with controls and integrated with information security concepts in this area.
- Answer all questions. Q. or identity theft where an employee's identity can be compromised by external factors such as an email from unwanted sources or a fake identity being created and used? Q. Risk. is the process by which the probability and impact of individual risks are measured? Q. A is defined as "the potential for a threat-source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability"? Q. Risk management steps should also be considered in the development of a that will be used by employees in an organization? Q. refers to the "magnitude of harm that could be caused by a threat exploiting vulnerability"?
- Read the scenario based on the fictional company, Sequential Label and Supply Company (SLS) on the first two pages in Chapter 1. This scenario illustrates that the information risks and controls are not in balance at Sequential Label and Supply. Though Amy works in a technical support role and her job is to solve technical problems, it does not occur to her that a malicious software program, like a worm or virus, might be the agent of the company’s current ills. Management also shows signs of confusion and seems to have no idea how to contain this kind of incident. If you were in Amy’s place and were faced with a similar situation, what would you do? How would you react? Would it occur to you that something far more insidious than a technical malfunction was happening at your company? The next day at SLS found everyone in technical support busy restoring computer systems to their former state and installing new virus and worm control software. Amy found herself learning how to…
- When there is a threat and a vulnerability that the threat can exploit, we have a zero-day vulnerability. an asset. a risk. an APT (advanced persistent threat).