EBK SOFTWARE ENGINEERING
10th Edition
ISBN: 9780133943238
Author: SOMMERVILLE
Publisher: PEARSON CO
Expert Solution & Answer
Chapter 14, Problem 14.10E
Explanation of Solution
Ethical issues:
An organization can easily identify any insider attack with the help of a logging system that keeps track of user activities inside the organization.
- The logging system keeps track of all the users who access the system and tries to detect unusual activities.
- If an employee tries to access unauthorized data, the data analysis software can easily detect such activity and send an alert to the administrator.
- The security of the system can be improved...
Students have asked these similar questions
Suppose a worker in your organization frequently forgets his password, attempts to use obvious passwords, reuses old passwords, and sometimes gets locked out of the system for failed login attempts. How would you deal with such a user? What organizational policies should be in place for handling user behaviors of this kind?
When managers in hotels plan to purchase new technologies or upgrade their existing systems in their establishments, what do they need to take note of regarding system security and data security?
Chain Link Consulting is an information technology consulting company that focuses on system security concerns. When the company's president asks you to assist her with the preparation of a presentation for a group of potential clients at a trade show meeting next month, you say "yes." First and foremost, she would like you to examine system security concerns in light of all six security levels. Afterwards, she wants you to come up with a list of methods that Chain Link might evaluate a client's security procedures in order to obtain an accurate evaluation of their level of exposure. It was her way of making the situation more intriguing by saying that it was fine to be imaginative in your ideas, but that you should avoid proposing anything that would be unlawful or immoral. Example: It might be OK to pretend as a job candidate with phony references to see whether they were being reviewed, but it would be inappropriate to steal a lock and access the computer room to check on things. Your…
Similar questions
- Post a link to an article, or information resource regarding security monitoring or monitoring tools that can be used in an Industrial Control environment. Explain what issues do you find most relevant in the article or tools you have identified, and what considerations you think should be made when deploying security monitoring tools in an industrial environment. Are the tools the same? Are there recommendations specific for ICS environments?
- What do you think are some of the difficulties in putting together a good logging and monitoring program since this goes far beyond just collecting and storing the logs somewhere. What are valuable sources of logs during a security incident and how might these logs help resolve an operational or security issue?
- In the realm of systems management, the significance of implementing backup strategies is a subject of inquiry. It is imperative to ascertain the reasons behind the perceived importance of backups and explore the methods by which this objective can be achieved?
- In 2018, the credit rating agency Equifax disclosed a major data breach involving the personal information of nearly 150 million people. Although Equifax's internal policy required patching critical vulnerabilities within 48 hours, a vulnerability was left unpatched for about 2 months. This was the vulnerability that was exploited by hackers to gain access to the system and obtain the personal information. In this exercise, you will analyze the Equifax incident and consider how the RMF could have helped Equifax prevent the incident. Carefully review this report and identify two vulnerabilities from different organizational levels, such as one vulnerability from Level 3 and one vulnerability from Level 1 or 2. Now think about the seven steps of the RMF. Summarize how these steps could have helped Equifax prevent or mitigate the vulnerabilities you identified. Identify at least one step for each vulnerability.
- Consider an automated audit log analysis tool. This tool could be used to distinguish “suspicious activities” from normal user behaviour on a system for some organisations. (This tool could be used for many more purposes as well.) Discuss in detail the pros and cons of the automated audit log analysis tool?
- You are the new information security consultant company for the XYZ Group, a medium-sized software development company. Before hiring you, the company had been plagued with security incidents that are listed below. Management has asked you to help assess the risk and conduct a cost/benefit analysis of proposed solutions. Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce a new software that will be a major upgrade to the previous model. It should regain the company's market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is…
- A case study on a recent incident involving a security flaw in authentication or access control could be quite intriguing. Does this affect the way the company operates? I hoped to learn about the company's loss history and the character of any losses that have transpired.
- Take, for example, the authentication or access control system that was recently discovered to have a flaw. If that is the case, how did it influence the day-to-day operations? Is there a record of the specific losses that have been experienced by the company?
- Take the most recent instance of a security flaw involving authentication or access control that was reported in the media. If that is the case, how did it influence the day-to-day operations? Is there a list anywhere that details the specific losses that have been suffered by the company?
- a. What is ROC in IT audit? b. What is a cold site in IT audit?
- What is "log management," and how can it aid in system troubleshooting and security analysis?
- We will present four potential logical security solutions that would provide the system security administrator more power. These methods would provide the administrator more control.
Recommended textbooks for you
- Management Of Information Security
  Computer Science
  ISBN: 9781337405713
  Author: WHITMAN, Michael.
  Publisher: Cengage Learning