The interns who appear to be violating numerous security rules are approached by the CISO and express their discontent. They don't encrypt their workstations, download illegal music, link their personal gadgets to company computers, spend too much time on social media, and download pornographic material on business systems, claims the corporation. The CISO advises you to develop a security document (Rules of Behavior) with at least 15 rules defining what employees are allowed and not allowed to do when connected to the company network.

The interns who appear to be violating numerous security rules are approached by the CISO and express their discontent. They don't encrypt their workstations, download illegal music, link their personal gadgets to company computers, spend too much time on social media, and download pornographic material on business systems, claims the corporation. The CISO advises you to develop a security document (Rules of Behavior) with at least 15 rules defining what employees are allowed and not allowed to do when connected to the company network.

Fundamentals of Information Systems

9th Edition

ISBN:9781337097536

Author:Ralph Stair, George Reynolds

Publisher:Ralph Stair, George Reynolds

Chapter10: Ethical, Legal, And Social Issues Of Information Systems

Section: Chapter Questions

Problem 1CE

See similar textbooks

Similar questions

This week, your flooring sales and installation company client wants you to explain the different kinds of attack threats their business faces from hackers. Write a 1- to 2-page memo or create a 1- to 2-page table that summarizes attack threats from hackers to any business, noting which are applicable to your client's business; how the vulnerabilities in a system can be exposed; and countermeasures that can mitigate against threats from attack. Describe sniffing attacks, identify a protocol that is vulnerable to sniffing, and suggest appropriate countermeasures. Describe session hijacking, provide an example of a specific threat from session hijacking, and recommend appropriate countermeasures for the threat. Describe spoofing, provide an example of a specific threat from spoofing, and recommend appropriate countermeasures for the threat. Describe poisoning attacks, provide an example of a specific threat from a poisoning attack, and recommend appropriate countermeasures…
Question 1 Which of the following correctly describes the difference between privacy and security? Privacy is about the individual's control over sensitive information pertaining to the individual; security is about the methods used to provide control over information. Privacy is about controlling access to personal information; security is about controlling access to company information. None of the listed choices are correct. Privacy and security refer to the sets of controls used to protect information. Question 2 Extended service agreements which run for 3 more years require that Sifers-Grayson provide software maintenance and patches for SCADA systems sold more than fifteen years ago. The engineering workstations used to provide this support take up 500 sq ft of space in the R&D lab and, due to their reliance on Windows XP, present security vulnerabilities which need to…
In 2018, the credit rating agency Equifax disclosed a major data breach involving the personal information of nearly 150 million people. Although Equifax's internal policy required patching critical vulnerabilities within 48 hours, a vulnerability was left unpatched for about 2 months. This was the vulnerability that was exploited by hackers to gain access to the system and obtain the personal information. In this exercise, you will analyze the Equifax incident and consider how the RMF could have helped Equifax prevent the incident. Carefully review this report and identify two vulnerabilities from different organizational levels, such as one vulnerability from Level 3 and one vulnerability from Level 1 or 2. Now think about the seven steps of the RMF. Summarize how these steps could have helped Equifax prevent or mitigate the vulnerabilities you identified. Identify at least one step for each vulnerability.
The CISO approaches the interns who seem to be breaking various security standards, who express their displeasure. According to the organization, they don't encrypt their workstations, download unlicensed music, connect personal devices to corporate computers, spend too much time on social media, and download pornographic content on workplace systems. The CISO recommends that you create a security document (Rules of Behavior) that has at least 15 rules limiting what employees may and may not do when connected to the corporate network.
1. What methods does a social engineering hacker use to gain information about a user’s login ID and password? How would this method differ if it targeted an administrator’s assistant versus a data-entry clerk? 2. Consider the information stored in your personal computer. Do you currently have information stored in your computer that is critical to your personal life? If that information became compromised or lost, what effect would it have on you? 3. There are a number of professional organizations for computer security. Search for two organizations and share the websites and descriptions of those organizations. Share that information here:4. Choose two of the US federal agencies listed in Chapter 3 that deal with computer/cybercrime. List at least three differences, in terms of reach or responsibility, between the two organizations.
The computer lab of a local college needs a one-page document that it will distribute to its incoming students to increase their security awareness. After reading the information presented in this module and other sources, prepare a document, which should include a 10-item bullet list of the things that students must remember to reduce the risks of using information technology. After reading the information presented in this module and other sources, write a one-page paper about three high-profile companies that faced security breaches in the last two years. Identify two vulnerabilities that enabled hackers to break into these companies’ systems. Denial of service (DoS) is among the security threats that have been on the rise in recent years. After reading the information presented in this module and other sources, write a one-page paper that outlines four recommendations for dealing with this security threat. Cite three U.S. companies that have been among the victims of this security…
Q(2) Hi there, Please answer all the five multiple choice questions. No written explanation needed for all the questions. Thank you in advance. [6] Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles? A User rights reviews B. Incident management C. Risk based controls D. Annual loss expectancy [7] A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used? A. Detective B. Deterrent C. Corrective D. Preventive [8] A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following? A. Availability B. Integrity C. Confidentiality D. Fire…
An example of a current security lapse involving access control or authentication might be instructive. Do you think it has changed the way the corporation does business? Are you able to provide me specific information on whether or not the business has suffered losses?
A recent incident involving a security weakness in authentication or access control may make for a fascinating topic for a case study if it was written up. Is there going to be a change in the way that the company functions as a consequence of this? I was wondering if you would mind if I inquired about the loss history of the firm and, if so, what those losses consisted of.
Assuming that we had to place our current Yoga application into production, with the addition of the firewall we installed identity three(3) significant and distinct areas for which our application and its environment is still vulnerable, and list some possible ways we would need to protect those vulnerabilities? Be sure to be specific, thorough, and use critical thinking. Imagine this is for your boos, and your job depends on it, but keep it limited to just three paragraphs. Each paragraph should clearly list a vulnerability and at least one mitigation for each. Expected length: 3 well-formed but concise paragraphs.
Human error or failure can be described as acts performed without intent ormalicious purpose or ignorance by an authorised user.Considering the statement above, discuss how social engineering is one of the actsthat necessitate the need for information security for any finance industryorgansiation. In your answer, you must state what social engineering is and use anytwo types or forms of social engineering in the context of information security asexamples.
"The Department of Justice (DoJ) suffered a ransomware attack in September 2021 that resultedin its systems being encrypted and going offline, and the exposure of at least 1,200 files".Describe the mitigation strategy that the DoJ can use for controlling risk. In your discussion,outline the three planning approaches that the DoJ can use to mitigate risk.