
SIPI - Week 6 Group Discussion (SOLUTION)

Preventive, detective, and corrective controls could help mitigate various information security threats: 1) Preventive controls like encryption policies and laptop theft training could reduce risks from stolen laptops containing customer data. Corrective controls like remote wiping software could help recover stolen laptops. 2) Strong password policies and account lockouts after failed logins could prevent password guessing attacks. 3) Integrating physical and logical access controls could block remote logins if the user is already logged in locally, mitigating credential theft risks. Notifying security of such incidents could help detection. 4) Software testing, secure coding standards, and patch management are preventive controls for vulnerabilities in purchased software.

SIPI – Week 6

Group Discussion (SOLUTION)


Topic: Control for information security (PDC)

8.4. Which preventive, detective, and/or corrective controls would best mitigate the
following threats?

a. An employee’s laptop was stolen at the airport. The laptop contained personally
identifying information about the company’s customers that could potentially be
used to commit identity theft.

Preventive: Policies against storing sensitive information on laptops and requiring
that any such information that must exist on the laptop be encrypted.

Training on how to protect laptops while traveling to minimize the risk of theft.

Corrective: Installation of “phone home” software might help the organization either
recover the laptop or remotely erase the information it contains.

b. A salesperson successfully logged into the payroll system by guessing the payroll
supervisor’s password.

Preventive: Strong password requirements such as at least an 8-character length, use
of multiple character types, random characters, and a requirement that passwords be
changed frequently.

Detective: Locking out accounts after 3-5 unsuccessful login attempts; since this was
a “guessing” attack, it may have taken more than a few attempts to log in.

c. A criminal remotely accessed a sensitive database using the authentication
credentials (user ID and strong password) of an IT manager. At the time the
attack occurred, the IT manager was logged into the system at his workstation at
company headquarters.

Preventive: Integrate physical and logical security. In this case, the system should
reject any user's attempt to remotely log into the system if that same user is already
logged in from a physical workstation.

Detective: Having the system notify appropriate security staff about such an incident.
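
The two controls in answer (c), as an added example that is not part of the original solution: a login gate that rejects a remote login while the same user holds an on-site session and records a notice for security staff. The event format, the sample events and the names `LoginGate` and `replay` are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample events (time, user, source, action); not real log data.
SAMPLE_EVENTS = [
    ("09:00", "it_manager", "local", "login"),
    ("09:05", "analyst", "remote", "login"),
    ("10:15", "it_manager", "remote", "login"),   # owner is at his HQ workstation
    ("17:30", "it_manager", "local", "logout"),
    ("19:00", "it_manager", "remote", "login"),   # no on-site session any more
]

@dataclass
class LoginGate:
    """Hypothetical gate combining physical and logical session state."""
    on_site: set = field(default_factory=set)    # users logged in at a physical workstation
    alerts: list = field(default_factory=list)   # notices for security staff

    def handle(self, time, user, source, action):
        """Return 'allow' or 'reject' for one authentication event."""
        if action == "logout":
            if source == "local":
                self.on_site.discard(user)
            return "allow"
        if source == "local":
            self.on_site.add(user)
            return "allow"
        # Remote login: the preventive control rejects it if the user is on site.
        if user in self.on_site:
            # Detective control: record the attempt for security staff.
            self.alerts.append(f"{time} remote login for {user} rejected: "
                               "user has an active on-site session")
            return "reject"
        return "allow"

def replay(events):
    """Run events through a fresh gate; return (decisions, alerts)."""
    gate = LoginGate()
    decisions = [gate.handle(*e) for e in events]
    return decisions, gate.alerts

if __name__ == "__main__":
    decisions, alerts = replay(SAMPLE_EVENTS)
    for event, decision in zip(SAMPLE_EVENTS, decisions):
        print(*event, "->", decision)
    print(*alerts, sep="\n")
```

The gate depends on accurate on-site session state: a workstation session that is never closed would keep blocking that user's legitimate remote logins, so it needs to be paired with session timeouts.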

d. A company purchased the leading “off-the-shelf” e-commerce software for
linking its electronic storefront to its inventory database. A customer discovered
a way to directly access the back-end database by entering appropriate SQL
code.

Preventive: Insist on secure code as part of the specifications for purchasing any 3rd
party software.

Thoroughly test the software prior to use.

Employ a patch management program so that any vendor-provided fixes and patches
are immediately implemented.

e. Attackers broke into the company’s information system through a wireless
access point located in one of its retail stores. The wireless access point had been
purchased and installed by the store manager without informing central IT or
security.

Preventive: Enact a policy that forbids installation of unauthorized wireless access
points.

Detective: Conduct routine audits for unauthorized or rogue wireless access points.

Corrective: Sanction employees who violate policy and install rogue wireless access
points.

f. Once an attack on the company’s website was discovered, it took more than 30
minutes to determine who to contact to initiate response actions.

Preventive: Document all members of the CIRT and their contact information.

Practice the incident response plan.
