Principles of Information Security (MindTap Course List)
6th Edition
ISBN: 9781337102063
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
expand_more
expand_more
format_list_bulleted
Expert Solution & Answer
Chapter 5, Problem 1E
Explanation of Solution
Evaluation list:
Looking at the issue, the issue which should be evaluated first is “b”. This one seems to be more important, because, it is linked with the e-commerce transactions.
- When the server gets attacked, it creates the serious problem and there is the possibility of stealing the sensitive data.
- Even the attackers may hack the credit card information of the customers which leads to the loss in money.
- There is also possibility of stealing the company’s sensitive information, which makes the organization non-profitable and soon it leads to shut down of the organization.
Issue “a” should be evaluated next...
Expert Solution & Answer
Trending nowThis is a popular solution!
Students have asked these similar questions
If an organization must evaluate the following three information assets for risk management, which vulnerability should be evaluated first for additional controls? Which should be evaluated last?
Switch L4 7 connects a network to the Internet. It has two vulnerabilities: it is susceptible to a hardware failure at a likelihood of 0.2, and it is subject to an SNMP buffer overflow attack at a likelihood of 0.1. This switch has an impact rating of 90 and has no current controls in place. You are 75 percent certain of the assumptions and data.
Server WebSrv6 hosts a company Web site and performs e-commerce transactions. It has a Web server version that can be attacked by sending it invalid Unicode values. The likelihood of that attack is estimated at 0.1. The server has been assigned an impact value of 100, and control has been implanted that reduces the impact of the vulnerability by 75 percent. You are 80 percent certain of the assumptions and data.
Operators use an MGMT45 control…
Exercise 1: If an organization has three information assets to evaluate for risk management purposes, as shown in the list below, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last?
A CRM-Server that is connected to the Internet. It has two vulnerabilities:
(i) susceptibility to hardware failure, with a likelihood of 8, and
(ii) susceptibility to ransomware attack with a likelihood of 4.
The CRM-Server has been assigned an impact value of 10. Assume that there are no current controls in place to protect it, and there is a 75 percent certainty of the assumptions and data
An E-commerce server hosts the company Web site and supports customer transactions. It runs a server software that is vulnerable to a buffer overflow attack, with the likelihood of such an attack estimated at 6. The server has been assigned an impact value of 8. Assume that there are no current controls in place to protect the server, and there is…
Which of the following is true regarding vulnerability appraisal?
a. Vulnerability appraisal is always the easiest and quickest step.
b. Every asset must be viewed in light of each threat.
c. Each threat could reveal multiple vulnerabilities.
d. Each vulnerability should be cataloged.
Chapter 5 Solutions
Principles of Information Security (MindTap Course List)
Ch. 5 - Prob. 1RQCh. 5 - Prob. 2RQCh. 5 - Prob. 3RQCh. 5 - Prob. 4RQCh. 5 - Prob. 5RQCh. 5 - Prob. 6RQCh. 5 - Prob. 7RQCh. 5 - Prob. 8RQCh. 5 - Prob. 9RQCh. 5 - Prob. 10RQ
Ch. 5 - Prob. 11RQCh. 5 - Prob. 12RQCh. 5 - Prob. 13RQCh. 5 - Prob. 14RQCh. 5 - Prob. 15RQCh. 5 - Prob. 16RQCh. 5 - Prob. 17RQCh. 5 - Prob. 18RQCh. 5 - Prob. 19RQCh. 5 - Prob. 20RQCh. 5 - Prob. 1ECh. 5 - Prob. 2ECh. 5 - Prob. 3ECh. 5 - Prob. 4ECh. 5 - Prob. 5ECh. 5 - Prob. 1CEDQCh. 5 - Prob. 2CEDQCh. 5 - Prob. 3CEDQCh. 5 - Prob. 1EDM
Knowledge Booster
Similar questions
- A company sells products through its webpage. An attacker finds a way to inject commands into their website and retrieve information. The company stores its data unencrypted and uses a weak password for the main server. The company lost major customers’ information due to a hacking incident. From the above scenario, A. Which CIA security model elements were affected in this scenario? a.Define and identify the threat, vulnerability, and impact in this scenario? b.Suggestsome security controls, at least 3, that can be used to secure the system.arrow_forwardTo what extent does your company's network undergo preemptive vulnerability assessment?arrow_forwardAssume a year has passed and XYZ has improved its security. Using the following table, calculate the SLE, ARO, and ALE for each threat category listed. YXZ Software Company (Asset Value: $1,200,000 Threat Category Cost per Incident Frequency of Occurrence Cost of Controls Type of Control Programmer mistakes $5,000 1 per month $20,000 Training Loss of intellectual property $75,000 1 per 2 years $15,000 Firewall/IDS Software piracy $500 1 per month $30,000 Firewall/IDS Theft of information (hacker) $2,500 1 per 6 months $15,000 Firewall/IDS Threat of information (employees) $5,00 1 per year $15,000 Physical security Web defacement $500 1 per quarter $10,000 Firewall Theft of equipment $5,000 1 per 2 years $15,000 Physical security Viruses, worms, Trojan horses $1,500 1 per month $15,000 Antivirus Denial-of-service attack $2,500 1 per 6 months $10,000 Firewall…arrow_forward
- Using each term as a computer network vulnerabilities category, explain an example of a vulnerability for each category in the context of Information Security. 1. Hardware 2. Software 3. Operator 4. Maintanance man 5. Access 6. Systems programmer 7. User 8. Files 9. Hardwarearrow_forwardVulnerability intelligence should come from four sources, which should be considered. According to your estimations, which one is the most advantageous? Why?arrow_forwardGive me 5 vulnerabilities and 5 Risk for network security level controlarrow_forward
- Four sources of vulnerability intelligence should be listed and described. Which seems to be the most advantageous? Why?arrow_forwardFour sources of vulnerability intelligence should be identified and described. Which one seems to be the most advantageous? Why?arrow_forwardAssuming you have been employed to lead a cyber security consultant for a company that performs penetration testing and advice businesses from the report on how to avoid cyber-attacks, use the knowledge you have acquired in performing the following task on two different websites. Using vega software, perform a vulnerability assessment of site 1 and site 2 listed below. It is the same site that can be accessed via http and HTTPS. Site 1 : http://team.critacghana.com Site 2: https://team.critacghana.com Discuss the High, Medium, and Low Risks results obtained from the reports generated by Vega. Present technical solutions to a non-technical audience in industry-standard format concepts based on your findings. Provide five recommendations for five critical risks identified out of the scanning. The connection with the HTTPS is encrypted using TLS_AES_256_GCM-SHA384, 256-bit keys, TLS 1.3. Discuss four advantages of using TLS 1.3. Discuss three importance of performing Ethical hacking.…arrow_forward
- Four sources of vulnerability intelligence should be identified and described in detail. Which way does it seem to be the most successful? Why?arrow_forwardWrite a report which, if implemented, will address all the issues identified in the case study. Thereport must have the following structures:Q.2.1 Your report must be structured in the following approach.Q.2.1.1 Executive summary. (5)Q.2.1.2 Background (case study’s IT security issues only). (5)Q.2.1.3 Development of the proposed solution. (5)Q.2.1.4 The role of the IT risk manager in addressing physical and networkrisk.(5)Q.2.1.5 The best methods of combating the network-based attack. (5)Q.2.1.6 The impact of social engineering when combating network security. (5)Q.2.1.7 The most appropriate mechanism in implementing network accessauthentication and authorisation without compromising networksecurity.(5)Q.2.1.8 The implementation of the best strategy to fight against hacking,hijacking and maintain the online presence.(5)Q.2.1.9 The most appropriate location and strategy for the DMZ and firewallimplementation.(5)Q.2.1.10 Conclusion.arrow_forwardA new vulnerability that affects your organisation’s Wi‐Fi implementation hasjust been published. Argue why you would use operational assessment to handle the publishedvulnerability.arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
- Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
- Principles of Information Systems (MindTap Course...Computer ScienceISBN:9781305971776Author:Ralph Stair, George ReynoldsPublisher:Cengage LearningFundamentals of Information SystemsComputer ScienceISBN:9781337097536Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning