Analysis of Security Risk and Recommendations for Information System
Added on 2023-01-19
7 Pages1453 Words23 Views
Professional Development
|
|
|
Running Head: INFORMATION SYSTEM 1
Information System
Student’s Name
Supervisor’s Name
Course Affiliated
Date
Information System
Student’s Name
Supervisor’s Name
Course Affiliated
Date
INFORMATION SYSTEM 2
Questions 1
(a) Analysis of security risk.
Accessing security protocols of the CFO system put the company assists at risk. The
competitors of the company can use these facts to improve their operation hence putting a
challenge to the market. Therefore exposing the company details will betray management
weakness which may lead to stakeholders to go away.
One can also plant some data in the system which could interfere with the system
operation. Deleting and inserting new data in the order may also cause misunderstanding in the
company that will eventually lead to company failure. The company system is also exposed to
the virus if another login from an insecure source; thus it may lead to the system operating
slowly. The bank is experiencing cybersecurity threats. Within a short time, one can syphon
capital from banks. Most clients always shun away from the company with a weak security
system. Accessing one's data is risky to one investment (Hayden, L. 2010).
(b) Recommendation
Sanitise all calls and emails in the company. All official documents must be cleansed of
any threats before it enters the network of the banks. It is a critical aspect that the management
needs to focus on its structure. Not all member of the bank should have access to the mainframe
server of the company. Restricting logins details to workers put few individuals in charge and
whenever anything happens, they will be answerable. Update the security protocols daily.
Hackers are always searching for any weakness in the system. The system should be able to
handle email spoofing and sandbox evasion malware.
Questions 1
(a) Analysis of security risk.
Accessing security protocols of the CFO system put the company assists at risk. The
competitors of the company can use these facts to improve their operation hence putting a
challenge to the market. Therefore exposing the company details will betray management
weakness which may lead to stakeholders to go away.
One can also plant some data in the system which could interfere with the system
operation. Deleting and inserting new data in the order may also cause misunderstanding in the
company that will eventually lead to company failure. The company system is also exposed to
the virus if another login from an insecure source; thus it may lead to the system operating
slowly. The bank is experiencing cybersecurity threats. Within a short time, one can syphon
capital from banks. Most clients always shun away from the company with a weak security
system. Accessing one's data is risky to one investment (Hayden, L. 2010).
(b) Recommendation
Sanitise all calls and emails in the company. All official documents must be cleansed of
any threats before it enters the network of the banks. It is a critical aspect that the management
needs to focus on its structure. Not all member of the bank should have access to the mainframe
server of the company. Restricting logins details to workers put few individuals in charge and
whenever anything happens, they will be answerable. Update the security protocols daily.
Hackers are always searching for any weakness in the system. The system should be able to
handle email spoofing and sandbox evasion malware.
INFORMATION SYSTEM 3
TIBO management should adequately train their employees on handling the company’s
security system. Most data breaches prevent employees from accessing the best service. Security
should help be at the forefront of everyone’s mind to do security practices to be part of the
company’s culture. IT should deploy the latest technology to defend against the latest threats by
ensuring that all the security solutions are updated to prevent hacking.
Question 2
General control audit: The TIBO management system constantly needs update and
maintenance to keep it in line with technological advancement. The basic operation of the system
must be known to the staffs that are important to the success of the company. All the policy and
producers need to be favorable to all staff regardless they have skills or not.
Application control audit, this type of information system mainly focuses on a particular
application. All the input data and output need is control according to the set standards. The
communication process has to be traced to manage the flow of data. Security and integrity issues
are essential for a healthy business. System development is essential to software development.
Before developing any system, all parts must be involved to have an inclusive policy that favors
both parties. Integrated audit deals with working with other stakeholders such as the financial
staffs in accessing the company procedures and objectives. Forensic examination deals with
detecting any malicious activity band take appropriate actions against them (Pomerantz, O.
2010).
TIBO management should adequately train their employees on handling the company’s
security system. Most data breaches prevent employees from accessing the best service. Security
should help be at the forefront of everyone’s mind to do security practices to be part of the
company’s culture. IT should deploy the latest technology to defend against the latest threats by
ensuring that all the security solutions are updated to prevent hacking.
Question 2
General control audit: The TIBO management system constantly needs update and
maintenance to keep it in line with technological advancement. The basic operation of the system
must be known to the staffs that are important to the success of the company. All the policy and
producers need to be favorable to all staff regardless they have skills or not.
Application control audit, this type of information system mainly focuses on a particular
application. All the input data and output need is control according to the set standards. The
communication process has to be traced to manage the flow of data. Security and integrity issues
are essential for a healthy business. System development is essential to software development.
Before developing any system, all parts must be involved to have an inclusive policy that favors
both parties. Integrated audit deals with working with other stakeholders such as the financial
staffs in accessing the company procedures and objectives. Forensic examination deals with
detecting any malicious activity band take appropriate actions against them (Pomerantz, O.
2010).
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Attack Surface Modellinglg...
|5
|1084
|51
Cyber-Attack at Target Corporation: Importance of Network Security Modellg...
|4
|802
|82
JP Morgan Data Breachlg...
|5
|722
|96
Security Threats to Organizationlg...
|5
|1156
|22
Security Review of Ubuntu Server for the Organizationlg...
|2
|358
|265
Article | SECURITY AWARENESS PROGRAM.lg...
|8
|1614
|9