A survey of your firm's information technology infrastructure has produced the following security analysis statistics:
Security Vulnerabilities by Type of Computing Platform

| Platform | Number of Computers | High Risk | Medium Risk | Low Risk | Total Vulnerabilities |
|---|---|---|---|---|---|
| Windows Server 2003 (corporate applications) | 1 | 11 | 37 | 19 | |
| Windows XP Professional (high-level administrators) | 3 | 56 | 242 | 87 | |
| Linux (e-mail and printing services) | 1 | 3 | 154 | 98 | |
| Sun Solaris (Unix) (E-commerce and Web servers) | 2 | 12 | 299 | 78 | |
| Windows XP Professional user desktops and laptops with office productivity tools that can also be linked to the corporate network running corporate applications and intranet | 195 | 14 | 16 | 1237 | |
High risk vulnerabilities include non-authorized users
accessing applications, guessable passwords, user name matching the
password, active user accounts with missing passwords, and the
existence of unauthorized programs in application systems.
Medium risk vulnerabilities include the ability of users to shut
down the system without being logged on, passwords and screen saver
settings that were not established for PCs, and outdated versions of
software still being stored on hard drives.
Low risk vulnerabilities include the inability of users to change
their passwords, user passwords that have not been changed
periodically, and passwords that were smaller than the minimum size
specified by the company.
- Calculate the total number of vulnerabilities for each
platform. What is the potential impact of the security problems
for each computing platform on the organization?
- If you only have one information systems specialist in charge
of security, which platforms should you address first in trying to
eliminate these vulnerabilities? Second? Third? Last? Why?
- Identify the types of control problems illustrated by these
vulnerabilities and explain the measures that should be taken to
solve them.
- What does your firm risk by ignoring the security
vulnerabilities identified?
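As an added worked example (my code, not part of the exercise), the following Python fills in the blank total column and ranks the platforms two ways. The severity weights and the per-computer view are my assumptions, not figures from the page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Platform:
    name: str
    computers: int
    high: int
    medium: int
    low: int

    def total(self) -> int:
        # The "Total Vulnerabilities" column left blank in the table.
        return self.high + self.medium + self.low

# Figures transcribed from the table above.
PLATFORMS = [
    Platform("Windows Server 2003 (corporate applications)", 1, 11, 37, 19),
    Platform("Windows XP Professional (high-level administrators)", 3, 56, 242, 87),
    Platform("Linux (e-mail and printing services)", 1, 3, 154, 98),
    Platform("Sun Solaris (E-commerce and Web servers)", 2, 12, 299, 78),
    Platform("Windows XP Professional (user desktops and laptops)", 195, 14, 16, 1237),
]

# Assumed severity weights: one high-risk finding counts as much as ten
# low-risk ones. This is a policy choice, not a value from the exercise.
WEIGHTS = {"high": 10, "medium": 5, "low": 1}

def weighted_score(p: Platform) -> int:
    return WEIGHTS["high"] * p.high + WEIGHTS["medium"] * p.medium + WEIGHTS["low"] * p.low

def totals() -> dict:
    return {p.name: p.total() for p in PLATFORMS}

def ranked(per_computer: bool = False) -> list:
    """Platform names from most to least urgent.

    per_computer=False ranks by total weighted exposure; per_computer=True
    divides by machine count, showing how concentrated findings are per host
    (195 desktops spread a large raw count thinly; one server carries all of its own).
    """
    def key(p: Platform) -> float:
        s = weighted_score(p)
        return s / p.computers if per_computer else s
    return [p.name for p in sorted(PLATFORMS, key=key, reverse=True)]

if __name__ == "__main__":
    for p in PLATFORMS:
        print(f"total={p.total():5d} weighted={weighted_score(p):5d}  {p.name}")
    print("By total exposure:", ranked())
    print("Per computer:     ", ranked(per_computer=True))
```

Note that the two orderings disagree: the desktops have by far the most raw findings but the lowest exposure per machine, which is the tension the second question asks you to resolve.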