User Account

All Pages

Explain how the system could be verified as operational

Assignment Help Management Information Sys
Reference no: EM131128797

Scenario:

An employee hacked into the human resource records system at the employee's place of business and changed the employee's base salary rate to obtain a pay raise. The employee did this by spoofing an IP address in order to eavesdrop on the network. Once the employee identified where the data was stored and how to modify it, the employee made the changes and received two paychecks with the new amount.

Fortunately, an auditor happened to discover the error. The auditor sent an e-mail to several individuals within the organization to let them know there was a potential problem with the employee's paycheck. However, the employee was able to intercept the message and craft fake responses from the individuals the original e-mail was sent to. The employee and the auditor exchanged e-mails back and forth until the employee was soon given access permissions for some other financial records. With this new information, the employee was able to lower the salaries of the president of the company and several other employees and then to include the salary difference in the employee's own paycheck.

The IT staff determined that the spoofing that occurred that allowed the employee to gain access to the human resources system was caused by a lack of authentication and encryption controls. As such, a local root certificate authority was installed to implement a public key infrastructure (PKI) in which all communication to the human resource system required a certificate. This would encrypt network traffic to and from the human resources system and prevent eavesdropping. It would also properly authenticate the host to prevent spoofing.

Task:

A. Perform a postevent evaluation of how the organization's IT staff responded to the attack described in the scenario by doing the following:

1. Describe the series of malicious events that led up to the incident.

2. Identify who needs to be notified based on the type and severity of the incident.

3. Outline how the incident could be contained.

4. Discuss how the factor that caused the incident could be eradicated.

5. Discuss how the system could be recovered to return to normal business practice.

a. Explain how the system could be verified as operational.

B. Perform a follow-up of the postevent evaluation by doing the following:

1. Identify areas that were not addressed by the IT staff's response to the incident.

2. Identify the other attacks mentioned in the scenario that were not noticed by the organization.

a. Describe the type and severity of the attacks not noticed by the organization.

b. Describe how these additional attacks can be prevented in the future.

3. Recommend a recovery procedure to restore the computer systems back to a fully operational state.

C. When you use sources, include all in-text citations and references in APA format.

Reference no: EM131128797

Questions Cloud

Rule of ordering production when projected on-hand inventory : Prepare a master schedule given this information: It is now the end of week 1; customer orders are 25 for week 2, 16 for week 3, 11 for week 4, 8 for week 5, and 3 for week 6. Use the MPS rule of ordering production when projected on-hand inventory w..
Find the resonant frequency and bandwidth of the circuit : Find the resonant frequency and bandwidth of the circuit.
Watch without bonnie knowing of the theft : Ann took Bonnie's watch without Bonnie knowing of the theft. Bonnie subsequently discovered her loss and was informed that Ann had taken the watch. Bonnie immediately pursued Ann. Ann pointed a loaded pistol at Bonnie, who, in fear of being shot, ..
You are a newly hired accountant with batista company : You are a newly hired accountant with Batista Company. On your first day, the controller asks you to identify the main internal control objectives related to payroll accounting. How would you respond?
Explain how the system could be verified as operational : Describe the series of malicious events that led up to the incident. Identify who needs to be notified based on the type and severity of the incident. Outline how the incident could be contained.
How to ace your finals without studying : Write an expository essay on the topic "How to ace your finals without studying"
Aligning information technology and organizational strategy : Primary Task Response: Within the Discussion Board area, write 400-600 words that respond to the following questions with your thoughts, ideas, and comments. This will be the foundation for future discussions by your classmates. Be substantive an..
Download the annual income statements-balance sheets : Download the annual income statements, balance sheets, and cash flow statements for the last three fiscal years for Ford Motor Company. Compute three different valuation ratios, three different profitability ratios, and three financial strength ratio..
Identify the three types of employer payroll taxes : How are tax liability accounts and payroll tax expense accounts classified in the financial statements?

Reviews

Write a Review

Management Information Sys Questions & Answers

  What are the qualities of an enterprise cloud

The paper must be written in APA format and include at least one direct quote with proper citation and reference. What are the qualities of an enterprise cloud

  Show the supply chain integration

If you were the new CEO of the second largest supermarket chain, how could you use supply chain integration to be more efficient and profitable

  Hyper-social organization and erp systemsi need help in

hyper-social organization and erp systemsi need help in answering these questions about hyper-social organization and

  Why is it important to use it in information technology

Based on your experience, describe what research is, why we do it, and why we read it? Why is it important to use it in Information Technology (IT) research

  Conduct brief research on the departments within an is

in this presentation assignment you will define the components departments of an is functional area.conduct brief

  Data captureidentify two ways that healthcare organizations

data captureidentify two ways that healthcare organizations perform marketing related data capture that do not violate

  Trends of edischarge in relation to patient care management

Define eDischarge and its impact on patient care management by conducting a costs benefit analysis and a trend analysis to discuss and compare the costs, benefits and trends of eDischarge in relation to patient care management.

  What make the world flat - technology drivers

What make the world flat - technology drivers, business drivers

  Compare and contrast the uml class diagram relationships

Compare and contrast the UML class diagram relationships that can exist between classes and explain when you would use each type of relationship to model a software project

  What are the advantages of the technology discussed

Watch the vedio in the link then answer the questions: https://www.youtube.com/watch?v=E2ht0dEQGIw&feature=youtu.be, What are the advantages of the technology discussed

  Describe the key elements of an information system for mco

Describe the key elements of an information system for an MCO. What elements are different than for a physician office or group

  Response should be no less than 2-3 pages not counting the

what is ecommerce and ebusiness? what are the most significant differences between a brick and mortar business and

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd