Principles of Information Systems (MindTap Course List)
13th Edition
ISBN: 9781305971776
Author: Ralph Stair, George Reynolds
Publisher: Cengage Learning
Question
Chapter 13, Problem 2CE
Program Plan Intro
Security policy:
- A security policy defines an organization's security requirements.
- It provides the controls and sanctions needed to meet those requirements.
- A security policy is a well-written document that gives an organization guidelines on how to protect itself from threats.
- It includes computer security threats and how to handle situations when they do occur.
- A good security policy must identify all of a company's assets as well as all the potential threats to those assets.
- The employees of the company need to be kept updated on the company's security policies.
- The policies themselves should also be updated regularly.
Expert Solution & Answer
Students have asked these similar questions
Your firm has around 200 workers and contractors, and you are in charge of training them all on computer security. What topics would you cover in the fundamental security training session that you would conduct for workers who are not involved in IT? What type of further training on matters pertaining to security would be acceptable for staff after they have a firm grasp on the fundamentals?
You teach the 200 employees and contractors of your company on computer security. The most important things you'd cover in a half-hour security training session for non-IT staff are: What kind of security-related training is necessary once the fundamentals have been covered?
One of the most sophisticated attacks on record was carried out by a virus known as Stuxnet. Stuxnet first appeared in 2009 but became widely known in 2011 when it was revealed that it had apparently severely damaged or incapacitated the high-speed centrifuges involved in Iran's uranium enrichment program. Read about Stuxnet and see what strategy/tactics you can devise based on software quality attributes against it.
Knowledge Booster
Similar questions
- A software solution to be used by a large organization (let us say 1000 users) can be provided by a physical network infrastructure and a private data center, or by cloud infrastructures and the Internet. Discuss the two cases and compare their effectiveness and efficiency. Introduce suitable metrics to support your points.
- ABC bank had their security systems checked and updated almost three years ago and believe it is now time to call in the experts to fish out any vulnerabilities and resolve them in a suitable way. The company hired to do these checks found the following security flaws: FLAW #1 - BROKEN AUTHENTICATION: An attacker can easily brute force user passwords by sending an unlimited amount of POST requests to /login. FLAW #2 - SENSITIVE DATA EXPOSURE: The bank's web application uses HTTP to send user credentials and passwords are stored in plain text. FLAW #3 - BROKEN ACCESS CONTROL: A cookie is set to the browser in order to remember the user which contains the unique ID. An…
- You will be given a role and some prompts to answer. You are the system administrator for a large hospital with 1000s of Windows, Unix, and embedded systems, such as medical devices. How would you go about making sure that your system is secure and manage the vulnerabilities that arise in it? What tools and processes would you use? How do you think you can get buy-in from your organization to incorporate a vulnerability management strategy?
- The computer lab of a local college needs a one-page document that it will distribute to its incoming students to increase their security awareness. After reading the information presented in this module and other sources, prepare a document, which should include a 10-item bullet list of the things that students must remember to reduce the risks of using information technology.
- After reading the information presented in this module and other sources, write a one-page paper about three high-profile companies that faced security breaches in the last two years. Identify two vulnerabilities that enabled hackers to break into these companies' systems. Denial of service (DoS) is among the security threats that have been on the rise in recent years. After reading the information presented in this module and other sources, write a one-page paper that outlines four recommendations for dealing with this security threat. Cite three U.S. companies that have been among the victims of this security…
- Discuss how you could use firewalls to support organizational security. What are the advantages and disadvantages of using hardware- and software-based firewalls? What software tools could you use to assess the security of the firewalls used to protect your organization's computer architecture? How can you bypass blocked sites using anonymous website surfing sites?
- The stakeholders of a software company have four new security requirements that they are considering including in the next release of their flagship product: Two-factor authentication (2FA), Captcha for Bot Detection (CBT), Password Expirations (PEX), and Role-based access control (RBA). Given the time constraints, they may not be able to include all, so they need to prioritize these requirements based on three criteria: Maintainability (MA), Ease of Use (EU), and Integration Support (IS). They have the following pairwise preferences of the criteria: Maintainability is three times as important as Ease of Use; Ease of Use is two times as important as Integration Support; Maintainability is five times as important as Integration Support. Based on the above information, do the following: 1. Using the AHP calculations, calculate the criteria weights and rank the three
- The stakeholders of a software company have four new security requirements that they are considering including in the next release of their flagship product: Two-factor authentication (2FA), Captcha for Bot Detection (CBT), Password Expirations (PEX), and Role-based access control (RBA). Given the time constraints, they may not be able to include all, so they need to prioritize these requirements based on three criteria: Maintainability (MA), Ease of Use (EU), and Integration Support (IS). They have the following pairwise preferences of the criteria: Maintainability is three times as important as Ease of Use; Ease of Use is two times as important as Integration Support; Maintainability is five times as important as Integration Support. Based on the above information, do the following: Make a matrix capturing all pairwise comparisons of importance of criteria.
- The stakeholders of a software company have four new security requirements that they are considering including in the next release of their flagship product: Two-factor authentication (2FA), Captcha for Bot Detection (CBT), Password Expirations (PEX), and Role-based access control (RBA). Given the time constraints, they may not be able to include all, so they need to prioritize these requirements based on three criteria: Maintainability (MA), Ease of Use (EU), and Integration Support (IS). They have the following pairwise preferences of the criteria: Maintainability is three times as important as Ease of Use; Ease of Use is two times as important as Integration Support; Maintainability is five times as important as Integration Support. Based on the above information, do the following: Rank the four security requirements using the criteria weights and the following alternatives matrix (rows are requirements, columns are criteria; the matrix is truncated in the source):

  | | MA | EU | IS |
  |---|---|---|---|
  | 2FA | 0.36 | 0.29 | 0.09 |
  | CBT | 0.13 | 0.33 | 0.18 |
  | PEX | 0.27 | 0.21 | … |
- Do you have any recommendations for a critical and analytical assessment of serverless computing security and the areas that require improvement?
- Explain the part that firewalls play in keeping your firm secure and what they do specifically. What are the advantages and disadvantages of using firewalls, both hardware and software, and why is it necessary to choose one kind of firewall over another? What sorts of software tools do you employ in order to examine the security of the information technology infrastructure at your organisation? Is there anything you can do that would enable you to circumvent the web filtering system that is present on a website?
- Some experts in IT security believe businesses should recruit former computer criminals as consultants to uncover weaknesses in their security protocols. Do you agree? Is there a good or negative explanation for this?
- This week, your flooring sales and installation company client wants you to explain the different kinds of attack threats their business faces from hackers. Write a 1- to 2-page memo or create a 1- to 2-page table that summarizes attack threats from hackers to any business, noting which are applicable to your client's business; how the vulnerabilities in a system can be exposed; and countermeasures that can mitigate against threats from attack. Describe sniffing attacks, identify a protocol that is vulnerable to sniffing, and suggest appropriate countermeasures. Describe session hijacking, provide an example of a specific threat from session hijacking, and recommend appropriate countermeasures for the threat. Describe spoofing, provide an example of a specific threat from spoofing, and recommend appropriate countermeasures for the threat. Describe poisoning attacks, provide an example of a specific threat from a poisoning attack, and recommend appropriate countermeasures…
- John Martin, a highly skilled computer technician with a master's degree in computer science, took a low-profile evening job as a janitor at Kent Manufacturing Company. Since the position was low level, no security clearance or background check was necessary. While working at nights, John snooped through offices for confidential information regarding system operations, internal controls, and the financial thresholds for transactions that would trigger special reviews. He observed employees who were working late type in their passwords, and managed to install a Trojan horse virus onto the system to capture the IDs and passwords of other employees. During the course of several weeks, John obtained the necessary IDs and passwords to set himself up in the system as a supplier, a customer, and systems administrator, which gave him access to most of the accounting system's functions. As a customer, John ordered inventory that was shipped to a rented building and later sold. As a system…
Recommended textbooks for you
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Systems Architecture
Computer Science
ISBN:9781305080195
Author:Stephen D. Burd
Publisher:Cengage Learning
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning