Which of the following should be of greatest concern to an IS auditor conducting an audit of incident response procedures?

Recommended textbook solutions

The Language of Composition: Reading, Writing, Rhetoric

2nd EditionLawrence Scanlon, Renee H. Shea, Robin Dissin Aufses

661 solutions

Technical Writing for Success

3rd EditionDarlene Smith-Worthington, Sue Jefferson

468 solutions

Technical Writing for Success

3rd EditionDarlene Smith-Worthington, Sue Jefferson

468 solutions

Edge Reading, Writing and Language: Level C

David W. Moore, Deborah Short, Michael W. Smith

304 solutions

You are correct, the answer is A.

A. Physically securing access points such as wireless routers, as well as preventing theft, addresses the risk of malicious parties tampering with device settings. If access points can be physically reached, it is often a simple matter to restore weak default passwords and encryption keys, or to totally remove authentication and encryption from the network.

B. Service set identifiers (SSIDs) should not be used to identify the organization because hackers can associate the wireless local area network (WLAN) with a known organization and this increases both their motivation to attack and, potentially, the information available to do so.

C. The original Wired Equivalent Privacy (WEP) security mechanism has been demonstrated to have a number of exploitable weaknesses. The more recently developed Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) standards represent considerably more secure means of authentication and encryption.

D. Installing Simple Network Management Protocol (SNMP) on wireless access points can actually open up security vulnerabilities. If SNMP is required at all, then SNMP v3, which has stronger authentication mechanisms than earlier versions, should be deployed.

You are correct, the answer is C.

A. Requiring application users to maintain another password may not be popular. A more fundamental reason is that many cloud service providers expose their services via application programming interfaces (APIs). These APIs are designed to accept tokens, not passwords. Ideally, they use an open standard such as Security Assertion Markup Language (SAML) or WS-Federation for exchanging authentication and authorization information. An authentication scheme needs to take into account the type of application users—organization employees, employees of partner organizations, customers or a combination of user types. Additionally, the increasing trend is for web applications to be accessible by multiple device types. Therefore, the organization may need to employ a "bring your own identity" scheme of authentication. An appropriate mechanism (such as a security token, smart card, one-time password via short message service [SMS] or telephone) based on assessed risk should be used to confirm user identity.

B. In a platform as a service (PaaS) cloud computing model, network security remains the responsibility of the cloud service provider. Because multiple tenants use the cloud service provider's infrastructure, insisting on a specific firewall configuration is not practical, although it may be possible to agree to some arrangements when negotiating the service contract. The "deperimeterized" nature of cloud computing enhances the need for strong application security controls to be designed, tested and implemented.

C. With cloud computing, an application does not run on an organization's trusted environment. Instead, it runs on infrastructure shared by other tenants and administered by people not employed by the organization. Therefore, depending on the nature of the data, there may be a greater need to rely on encryption to protect privacy. This may apply not just to data when they are stored in the cloud but also during transmission. However, careful consideration must be given to the nature of the data to understand what degree of protection is needed. Using encryption can increase complexity and have performance implications. The possibility of using compensating controls (e.g., protecting stored data through database access controls, should also be considered).

D. In a PaaS cloud computing model, the service provider supplies the computing infrastructure and development frameworks. While requirements for basic infrastructure security can be discussed and possibly included as contract terms, responsibility for building a secure application rests with the customer organization. Given that cloud computing enhances some threats present with traditional in-house hosted systems as well as introducing some new threats, it is particularly important that application security controls be given strong focus during application development.

You answered A. The correct answer is D.

A. If web browser cookies are not automatically deleted, it might be possible to determine the web sites that a user has accessed. However, if sessions do not time out, it is easier for identity theft to occur.

B. If the PC is not configured properly and does not have antivirus software installed, there could be a risk of virus or malware infection. This could cause identity theft. However, if sessions do not time out, it is easier for identity theft to occur.

C. If system updates have not been applied, there could be a greater risk of virus or malware infection. This could cause identity theft. However, if sessions do not time out, it is easier for identity theft to occur.

D. If an authenticated session is inactive and unattended, it can be hijacked and used for illegal purposes. It might then be difficult to establish the intruder because a legitimate session was used.

You are correct, the answer is D.

A. Incident response plans generally deal with a wide range of possible issues, but are not a replacement for a DRP or business continuity plan (BCP). The primary focus of a DRP, not the incident response plan, is to restore IT systems to a working state.

B. An effective incident response plan could minimize damage to the organization, which minimizes costs, but the main purpose of the incident response plan is to minimize damage. Possible damage could include nonfinancial metrics, such as damage to a company's reputation.

C. While an incident response plan includes elements such as when and how to contact customers about a significant incident, the primary purpose of the plan is to minimize the impact.

D. An incident response plan helps minimize the impact of an incident because it provides a controlled response to incidents. The phases of the plan include planning, detection, evaluation, containment, eradication, escalation, response, recovery, reporting, postincident review and a review of lessons learned.

You are correct, the answer is B.

A. Impact is the measure of the consequence (including financial loss, reputational damage, loss of customer confidence) that a threat event may have.

B. The lack of adequate controls represents a vulnerability, exposing sensitive information and data to the risk of malicious damage, attack or unauthorized access by hackers, employee error, environmental threat or equipment failure. This could result in a loss of sensitive information, financial loss, legal penalties or other losses.

C. An asset is something of either tangible or intangible value worth protecting, including people, systems, infrastructure, finances and reputation.

D. A threat is a potential cause of an unwanted incident.

You answered C. The correct answer is A.

A. Disk-to-disk backup, also called disk-to-disk-to-tape backup or tape cache, is when the primary backup is written to disk instead of tape. That backup can then be copied, cloned or migrated to tape at a later time (hence the term "disk-to-disk-to-tape"). This technology allows the backup of data to be performed without impacting system performance and allows a large quantity of data to be backed up in a very short backup window. In case of a failure, the fault-tolerant system can transfer immediately to the other disk set.

B. While a backup strategy involving tape drives is valid, because many computer systems must be taken offline so that backups can be performed, there is the need to create a backup window, typically during each night. For a system that must remain online at all times, the only feasible way to back up the data is to either duplicate the data to a server that gets backed up to tape, or deploy a disk-to-disk solution, which is effectively the same thing.

C. While creating a duplicate storage area network (SAN) and replicating the data to a second SAN provides some redundancy and data protection, this is not really a backup solution. If the two systems are at the same site, there is a risk that an incident such as a fire or flood in the data center could lead to data loss.

D. While creating an identical server and storage infrastructure at a hot site provides a great deal of redundancy, there is still the need to create a backup of the data, and typically there is the need to archive certain data for long-term storage. A cutover to a hot site cannot usually be performed in a short enough time for a continuous availability system. Therefore, this is not the best strategy.