University of Jeddah CPIS 606 IS Auditing Assignment


Added on  2022/09/16

Homework Assignment
AI Summary
This assignment, completed for CPIS 606 at the University of Jeddah, delves into information systems auditing, focusing on security vulnerabilities and IT asset management. Part 1 examines credit/debit card hacking, exploring the vulnerability exploited (skimming), the information gained, the methods used, and mitigation strategies. The student highlights the specific interest in skimming, referencing TEDxMidwest. Part 2 centers on auditing a router, emphasizing network encryption, firmware, wireless signal range, MAC address filtering, and password settings. It also covers IT asset inventory, including hardware, software, and classification schema. The inventory includes servers, PCs, laptops, printers, and network devices, alongside software and telecommunications assets, categorized by impact level and confidentiality. The assignment underscores the importance of a comprehensive IT asset inventory for effective security and management.
CPIS 606 – IS Auditing
Student’s name
Institution Affiliation(s)
Part 1: Step 2
What is the vulnerability being exploited?
Credit/debit card hacking
What information or data can be gained by a hacker exploiting this vulnerability?
Credit/debit card hacking or theft is carried out with the intent of using the card details for fraudulent activities such as stealing money. Unfortunately, most credit/debit card victims do not realize it until it is too late. In most cases, false card charges are the first sign that your card has been compromised.
How is the hack performed?
Credit/debit card hacking can be achieved through the use of various techniques such as
hacking into other businesses to obtain your details, installing malware and viruses, dumpster
diving, phishing scams, and skimming.
What about this particular hack that interested you specifically?
Credit/debit card hacking through skimming got me interested. According to TEDxMidwest (2012), credit card skimming uses a small machine that intercepts a legit transaction and captures your credit/debit card information. Hackers will position credit/debit card skimmers over swipe machines at unsuspecting sales points and ATMs and will then collect all the information captured during transactions.
How do you think this particular hack could be mitigated?
Using your credit/debit card anywhere exposes you to cyber-attacks by hackers. However, several practices can keep your credit/debit card information safe: using secure websites only, never storing your credit/debit card information in your browser, using strong passwords that combine symbols and alphanumeric characters, and being careful about the stations where you use your cards (Eich, 2018). It is also advisable to have alerts for your credit/debit cards and bank accounts enabled on your phone.
Part 2: Auditing a router
When auditing a router, you need to focus on the following information:
a) Network encryption certificates
b) The router’s firmware
c) The range of the wireless signal
d) The filtered MAC addresses
e) The password settings
To ensure the security of a router, it should have a strong password that is regularly changed, up-to-date firmware, a reduced wireless signal range, and network encryption enabled. Finally, the network's SSID name should be changed periodically (Agarwal, 2014).
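The five audit items above can be turned into a repeatable check. The following is an added example, not part of the original assignment; the settings keys, the policy thresholds and both sample configurations are assumptions constructed for illustration and do not follow any vendor's export format.

```python
from datetime import date

# Policy values below are assumptions made for this example.
ACCEPTED_ENCRYPTION = {"wpa2", "wpa3"}
MAX_TX_POWER_PCT = 75
MAX_PASSWORD_AGE_DAYS = 90
DEFAULT_PASSWORDS = {"admin", "password", "1234"}

def version_tuple(version):
    # "1.0.9" -> (1, 0, 9) so versions compare numerically, not as strings.
    return tuple(int(part) for part in version.split("."))

def password_is_strong(pw):
    # Assumed rule: 12+ characters with letters, digits and at least one symbol.
    return (len(pw) >= 12 and pw.lower() not in DEFAULT_PASSWORDS
            and any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def audit_router(cfg, latest_firmware, today):
    """Return one finding per failed check, labelled a) to e) as in the list above."""
    findings = []
    if cfg["encryption"].lower() not in ACCEPTED_ENCRYPTION:
        findings.append(f"a) encryption mode {cfg['encryption']} is not accepted")
    if version_tuple(cfg["firmware"]) < version_tuple(latest_firmware):
        findings.append(f"b) firmware {cfg['firmware']} is older than {latest_firmware}")
    if cfg["tx_power_pct"] > MAX_TX_POWER_PCT:
        findings.append(f"c) transmit power {cfg['tx_power_pct']}% exceeds {MAX_TX_POWER_PCT}%")
    if not (cfg["mac_filter_enabled"] and cfg["mac_allow_list"]):
        findings.append("d) MAC filtering is off or its allow list is empty")
    if not password_is_strong(cfg["admin_password"]):
        findings.append("e) admin password fails the strength rule")
    age = (today - cfg["password_changed"]).days
    if age > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"e) admin password last changed {age} days ago")
    return findings

# Constructed sample settings: a weak router and a hardened one.
WEAK = {"encryption": "WEP", "firmware": "1.0.9", "tx_power_pct": 100,
        "mac_filter_enabled": False, "mac_allow_list": [],
        "admin_password": "admin", "password_changed": date(2019, 1, 1)}
HARDENED = {"encryption": "WPA2", "firmware": "1.2.0", "tx_power_pct": 50,
            "mac_filter_enabled": True, "mac_allow_list": ["02:00:00:00:00:01"],
            "admin_password": "T7#kestrel-Quay42", "password_changed": date(2020, 3, 1)}
AUDIT_DATE, LATEST = date(2020, 4, 11), "1.2.0"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_router(cfg, LATEST, AUDIT_DATE))
```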
Inventory of IT assets
The purpose of developing an IT asset inventory is to have an accurate, complete and up-to-date assessment of the whole network (Brien, 2016). All network components, such as routers, switches, servers, PCs, software and everything else that makes up the IT infrastructure, should be included in the asset inventory. At any given moment, the IT asset inventory should provide the real and current status of the IT infrastructure; that is, it should tell us what IT assets we have and where they are located across the organization (Kostadinov, 2019).
Identify and create an inventory of IT assets for your organization.
| Category | Information to record |
|---|---|
| Types of hardware | e.g. PCs, laptop, printer, routers, server, hub, switch, network adaptors, RAM, CPU count and disk space |
| Hardware manufacturer information | e.g. model number, serial number, model name |
| Software | Operating system and specific version; all installed software such as drivers, applications, utilities and plugins with their specific versions; installed patches |
| Processes info | Services, running processes, registry keys |
| Virtual environment info | Images of both inside and outside the environment, asset name and IP address |
| Other main info | Open ports, IT policy compliance settings, existing system vulnerabilities, approved user accounts and login records, last system boot time, geo-location and time zone |
Create assets classification schema for the identified assets.
| IT Assets | Asset Classification | Impact level |
|---|---|---|
| Hardware | | |
| Server | Public | Critical |
| PCs | Public | High |
| Laptop | Private | Medium |
| Printer | Public | Low |
| Switch | Public | High |
| Router | Public | High |
| Open ports | Private | High |
| Software | | |
| Operating system | Public | Critical |
| Drivers | Public | Medium |
| Office applications | Public | Low |
| Plugins | Private | Low |
| Telecommunications | | |
| VoIP device | Public | Low |
| Smartphone | Private | Medium |
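An inventory is only useful for an audit if it is complete and matches what is actually on the network. The following added example (not part of the original assignment) applies the hardware rows of the schema above to inventory records, lists missing fields, and compares recorded IP addresses with a scan result; the field names, sample records and scan list are constructed assumptions.

```python
# Classification and impact per asset type, copied from the hardware rows of the schema above.
SCHEMA = {
    "server": ("Public", "Critical"), "pc": ("Public", "High"),
    "laptop": ("Private", "Medium"), "printer": ("Public", "Low"),
    "switch": ("Public", "High"), "router": ("Public", "High"),
}
IMPACT_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
# Fields drawn from the inventory table; the key names are assumptions of this example.
REQUIRED_FIELDS = ("model_number", "serial_number", "os_version", "location", "ip_address")

def review_inventory(inventory, discovered_ips):
    """Classify each record, list its missing fields, and compare with a network scan."""
    rows = []
    for asset in inventory:
        classification, impact = SCHEMA.get(asset["type"], ("Unclassified", None))
        rows.append({
            "name": asset["name"], "classification": classification, "impact": impact,
            "missing": [f for f in REQUIRED_FIELDS if not asset.get(f)],
        })
    # Unclassified assets sort first: they need a classification decision before review.
    rows.sort(key=lambda r: (IMPACT_RANK.get(r["impact"], -1), r["name"]))
    recorded = {a["ip_address"] for a in inventory if a.get("ip_address")}
    return {
        "rows": rows,
        "untracked": sorted(set(discovered_ips) - recorded),  # on the network, not in inventory
        "stale": sorted(recorded - set(discovered_ips)),      # in inventory, not seen on network
    }

def record(name, type_, model, serial, os_version, location, ip):
    return {"name": name, "type": type_, "model_number": model, "serial_number": serial,
            "os_version": os_version, "location": location, "ip_address": ip}

# Constructed sample inventory and scan result.
INVENTORY = [
    record("prn-2", "printer", "P-200", "SN-0003", "", "Floor 2", "10.0.0.60"),
    record("fs01", "server", "R-740", "SN-0001", "Server OS 2019", "Server room", "10.0.0.5"),
    record("lt-017", "laptop", "L-14", "SN-0002", "Desktop OS 10", "", "10.0.0.41"),
    record("cam-1", "ip camera", "C-1", "SN-0004", "fw 2.1", "Lobby", "10.0.0.70"),
]
DISCOVERED = ["10.0.0.5", "10.0.0.41", "10.0.0.60", "10.0.0.77"]

if __name__ == "__main__":
    print(review_inventory(INVENTORY, DISCOVERED))
```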
References
Agarwal, A. (2014, June 1). How to Secure Your Wireless (Wi-Fi) Home Network. Retrieved from Digital Inspiration website: https://www.labnol.org/internet/secure-your-wireless-wifi-network/10549/ (Accessed 11.04.2020)
Brien, N. (2016, August 10). IT asset management: How to be efficient. Retrieved from CIO website: https://www.cio.com/article/3095256/it-asset-management-how-to-be-efficient.html (Accessed 11.04.2020)
Eich, M. (2018, February 3). Prevent, Detect, Mitigate, and Recover from Cyberhacking. Retrieved from https://www.claconnect.com/resources/articles/2018/prevent-detect-mitigate-and-recover-from-cyberhacking (Accessed 11.04.2020)
Kostadinov, D. (2019, June 19). Information and Asset Classification. Retrieved from Infosec Resources website: https://resources.infosecinstitute.com/information-and-asset-classification/ (Accessed 11.04.2020)
TEDxMidwest. (2012). Top hacker shows us how it’s done | Pablos Holman | TEDxMidwest. Retrieved from https://www.youtube.com/watch?v=hqKafI7Amd8&feature=youtu.be (Accessed 11.04.2020)