Management Chapter 8 Homework Antivirus antispyware Check Computer Systems And Drives For

Type: Homework Help
Pages: 9
Words: 3961
Authors: Kenneth C. Laudon

Managing the Digital Firm, Seventh Canadian Edition
4. What are the most important tools and technologies for safeguarding
information resources?
Name and describe three authentication methods.
Authentication refers to the ability to know that a person is who he or she claims to
be. Some methods are described below:
What you know: Passwords known only to the authorized users.
What you have:
o Token is a physical device that is designed to provide the identity of a single
user.
Describe the roles of firewalls, intrusion detection systems, and antivirus
software in promoting security.
A firewall is a combination of hardware and software that controls the flow of
incoming and outgoing network traffic. Firewalls prevent unauthorized users from
accessing internal networks. They protect internal systems by monitoring packets for
the wrong source or destination, or by offering a proxy server with no access to the
internal documents and systems, or by restricting the types of messages that get
through, for example, email. Further, many authentication controls have been added
for Web pages as part of firewalls.
Explain how encryption protects information.
Encryption, the coding and scrambling of messages, is a widely used technology for
Describe the role of encryption and digital certificates in a public key
infrastructure.
Digital certificates combined with public key encryption provide further protection of
Distinguish between fault-tolerant and high-availability computing, and between
disaster recovery planning and business continuity planning.
Fault-tolerant computer systems contain redundant hardware, software, and power
supply components that can back the system up and keep it running to prevent system
failure. Some systems simply cannot be allowed to stop, such as stock market systems
High-availability computing, though also designed to maximize application and
system availability, helps firms recover quickly from a crash. Fault tolerance
Disaster recovery planning devises plans for the restoration of computing and
communications services after they have been disrupted by an event such as an
Identify and describe the security problems posed by cloud computing.
Accountability and responsibility for protection of sensitive data reside with the
company owning that data even though it’s stored offsite. The company needs to
make sure its data are protected at a level that meets corporate requirements. The
Describe measures for improving software quality and reliability.
Using software metrics and rigorous software testing are two measures for improving
software quality and reliability.
Software metrics are objective assessments of the system in the form of quantified
measurements. Metrics allow an information systems department and end users to
Early, regular, and thorough testing will contribute significantly to system quality.
Testing can prove the correctness of work but also uncover errors that always exist in
software. Testing can be accomplished through the use of:
Walkthroughs: A review of a specification or design document by a small group of
Discussion Questions
1. Security isn’t simply a technology issue, it’s a business issue. Discuss.
Computer systems, of course, are composed of a number of technological marvels. As
with any asset in an organization, they need to be kept secure. A company’s core
capabilities and business processes are vital in today’s digital world. Technology
2. If you were developing a business continuity plan for your company, where
would you start? What aspects of the business would the plan address?
Business managers and information technology specialists need to work together to
determine which systems and business processes are most critical to the company.
3. Suppose your business had an e-commerce Web site where it sold goods and
accepted credit card payments. Discuss the major security threats to this Web
site and their potential impact. What can be done to minimize these threats?
The first major threat to an e-commerce Web site is hackers who could infiltrate the
The second major threat to an e-commerce Web site comes from worms, viruses, and
Trojan horse infections. A hacker could plant one of these in the software coding for
Hands-On MIS Projects
1. K2 Network: Operates online game sites that accommodate millions of players at
once and are played simultaneously by people all over the world. Prepare a
security analysis for this Internet-based business. What kinds of threats should it
anticipate? What would be their impact on the business? What steps can it take
to prevent damage to its Web sites and continuing operations?
Threats include:
Hackers and crackers
File sharing over peer-to-peer networks
Intrusion detection systems: Full-time monitoring tools placed at the most
vulnerable points or “hot spots” to detect and deter intruders.
2. Security analysis statistics: analyze high risk, medium risk, and low risk
vulnerabilities by type of computing platform.
Security Vulnerabilities by Type of Computing Platform

Platform | Number of computers | High risk | Medium risk | Low risk | Total vulnerabilities
Windows Server (corporate applications) | 1 | 11 | 37 | 19 | 7
Windows Vista Ultimate (high-level | 3 | 5 | 242 | 87 | 1155

1. Calculate the total number of vulnerabilities for each platform. What is the potential
impact of the security problems for each computing platform on the organization?
The total number of vulnerabilities for each platform is indicated in the far right
column of the table.
Potential impact of the security problems for each computing platform
Medium risk vulnerabilities: Obviously it’s not a good thing for users to be able
to shut down systems that should be restricted to high-level administrators;
2. If you only have one information systems specialist in charge of security, which
platforms should you address first in trying to eliminate these vulnerabilities?
Second? Third? Last? Why?
First platform to protect: Windows Vista Ultimate (high-level administrators).
Administrators usually have access to areas that no other users have. The tasks that
administrators perform affect the core operations of a system.
3. Identify the types of control problems illustrated by these vulnerabilities and explain
the measures that should be taken to solve them.
General controls: govern the design, security, and use of computer programs and
the security of data files in general throughout the organization’s information
technology infrastructure. General controls apply to all computerized applications
Application controls: specific controls unique to each computerized application,
such as payroll or order processing. They include both automated and manual
procedures that ensure that only authorized data are completely and accurately
processed by that application. Application controls can be classified as input
Measures that should be taken to solve them include:
o Create a security policy and an acceptable use policy
o Use authorization management systems
4. What does your firm risk by ignoring the security vulnerabilities identified?
Information systems are vulnerable to technical, organizational, and environmental
threats from internal and external sources. Managers at all levels must make system
security and reliability their number one priority. They must also impress upon all
Improving Decision Making: Using Spreadsheet Software to Perform a Security
Risk Assessment
Software skills: Spreadsheet formulas and charts
Business skills: Risk assessment
Remind students that setting security policies and procedures really means developing a
plan for how to deal with computer security. One way to approach this task is:
Determine how likely the threats are
Improving Decision Making: Evaluating Security Outsourcing Services
Software skills: Web browser and presentation software
Business skills: Evaluating business outsourcing services
Present a brief summary of the arguments for and against outsourcing computer security
for your company.
CASE STUDY: SONY: THE WORLD’S LARGEST DATA BREACH
1. List and describe the security and control weaknesses at Sony that are discussed
in this case.
Hackers corrupted Sony’s servers, causing them to mysteriously reboot. The program
2. What management, organizational, and technology factors contributed to these
problems?
Management: The Sony data breach was apparently the result of a “revenge
hacking,” the use of the Internet to destroy or disrupt political opponents, or to punish
Technology: Sony’s PlayStation Network was using an older version of Apache Web
3. What was the business impact of the Sony data losses on Sony and its
customers?
Data encryption of the sort needed for an operation like Sony’s could easily require a
doubling of computing capacity at Sony. That would significantly impact the
4. What solutions would you suggest to prevent these problems?
As data breaches rise in significance and frequency, the Obama administration and
Congress are proposing new legislation that would require firms to report data
breaches within specific time frames, and sets standards for data security. The Data
Accountability and Trust Act of 2011 being considered by Congress requires firms to
