User Account

All Pages

Explain how the system could be verified as operational

Assignment Help Management Information Sys
Reference no: EM131128797

Scenario:

An employee hacked into the human resource records system at the employee's place of business and changed the employee's base salary rate to obtain a pay raise. The employee did this by spoofing an IP address in order to eavesdrop on the network. Once the employee identified where the data was stored and how to modify it, the employee made the changes and received two paychecks with the new amount.

Fortunately, an auditor happened to discover the error. The auditor sent an e-mail to several individuals within the organization to let them know there was a potential problem with the employee's paycheck. However, the employee was able to intercept the message and craft fake responses from the individuals the original e-mail was sent to. The employee and the auditor exchanged e-mails back and forth until the employee was soon given access permissions for some other financial records. With this new information, the employee was able to lower the salaries of the president of the company and several other employees and then to include the salary difference in the employee's own paycheck.

The IT staff determined that the spoofing that occurred that allowed the employee to gain access to the human resources system was caused by a lack of authentication and encryption controls. As such, a local root certificate authority was installed to implement a public key infrastructure (PKI) in which all communication to the human resource system required a certificate. This would encrypt network traffic to and from the human resources system and prevent eavesdropping. It would also properly authenticate the host to prevent spoofing.

Task:

A. Perform a postevent evaluation of how the organization's IT staff responded to the attack described in the scenario by doing the following:

1. Describe the series of malicious events that led up to the incident.

2. Identify who needs to be notified based on the type and severity of the incident.

3. Outline how the incident could be contained.

4. Discuss how the factor that caused the incident could be eradicated.

5. Discuss how the system could be recovered to return to normal business practice.

a. Explain how the system could be verified as operational.

B. Perform a follow-up of the postevent evaluation by doing the following:

1. Identify areas that were not addressed by the IT staff's response to the incident.

2. Identify the other attacks mentioned in the scenario that were not noticed by the organization.

a. Describe the type and severity of the attacks not noticed by the organization.

b. Describe how these additional attacks can be prevented in the future.

3. Recommend a recovery procedure to restore the computer systems back to a fully operational state.

C. When you use sources, include all in-text citations and references in APA format.

Reference no: EM131128797

Questions Cloud

Rule of ordering production when projected on-hand inventory : Prepare a master schedule given this information: It is now the end of week 1; customer orders are 25 for week 2, 16 for week 3, 11 for week 4, 8 for week 5, and 3 for week 6. Use the MPS rule of ordering production when projected on-hand inventory w..
Find the resonant frequency and bandwidth of the circuit : Find the resonant frequency and bandwidth of the circuit.
Watch without bonnie knowing of the theft : Ann took Bonnie's watch without Bonnie knowing of the theft. Bonnie subsequently discovered her loss and was informed that Ann had taken the watch. Bonnie immediately pursued Ann. Ann pointed a loaded pistol at Bonnie, who, in fear of being shot, ..
You are a newly hired accountant with batista company : You are a newly hired accountant with Batista Company. On your first day, the controller asks you to identify the main internal control objectives related to payroll accounting. How would you respond?
Explain how the system could be verified as operational : Describe the series of malicious events that led up to the incident. Identify who needs to be notified based on the type and severity of the incident. Outline how the incident could be contained.
How to ace your finals without studying : Write an expository essay on the topic "How to ace your finals without studying"
Aligning information technology and organizational strategy : Primary Task Response: Within the Discussion Board area, write 400-600 words that respond to the following questions with your thoughts, ideas, and comments. This will be the foundation for future discussions by your classmates. Be substantive an..
Download the annual income statements-balance sheets : Download the annual income statements, balance sheets, and cash flow statements for the last three fiscal years for Ford Motor Company. Compute three different valuation ratios, three different profitability ratios, and three financial strength ratio..
Identify the three types of employer payroll taxes : How are tax liability accounts and payroll tax expense accounts classified in the financial statements?

Reviews

Write a Review

Management Information Sys Questions & Answers

  Prepare a paper describing the telecommunication systems

Workplace Telecommunications systems - Prepare a paper describing the telecommunication systems used at your workplace.

  Describe online analytical processing

Describe at least two methods that business owners could use in order to protect the privacy of both personal information and organizational data resources related to the Web and information technologies. Provide one example of the use of each met..

  Explain information architecture diagrams

Kudler Food Fine Foods: Recommendations for software design, hardware, networks - Physical model of the system: Illustrate the recommended decisions in information architecture diagrams.

  Compare and contrast these practices with other supply

compare and contrast these practices with other supply chain practices both domestic and global.a.identify the existing

  Explain offshore outsourcing for software development

Tablets Take Their Place in the PC Market - What will happen to offshore outsourcing for software development? Can outsourcing firms in India and China for example be expected to develop software systems for use in U.S. schools?

  Show what are the challenges now facing the firm

Is it possible to implement lean supply chain management under such conditions? What are the challenges now facing the firm?

  Structured wiringexplain the rationale for structured

structured wiringexplain the rationale for structured wiring.explain the differences and similarities between a loop

  Discuss the success of cloud-based applications

Mobile computing is becoming so popular that it will at some point render desktop pcs obsolete. Develop an argument either in agreement or disagreement with the statement.

  This addresses users developing computer applicationswhat

this addresses users developing computer applications.what are some of the reasons that business users want to develop

  Developing a new line of ovens

Developing a new line of ovens that uses controlled-laser technology. The research and testing costs associated with the new ovens is said to arise from

  Case for developing strategic information systemsstrategic

case for developing strategic information systemsstrategic information systems sis is critical in the progression of

  Question about final projecttopic adding a new product line

question about final projecttopic adding a new product line as my management situation1. the goalobjectives to

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd