Question

BureauQuery Inc. (BQI) is a credit bureau. It maintains and updates online credit history and information on all Canadian consumers with a credit rating. To manage credit risk in the lending process, government-registered financial institutions pay BQI a monthly fee to access and search its online databases, or pay BQI a fee on a search-by-search basis.
BQI has the following security measures in place:
Only pre-screened, bonded, authorized IT staff have access to the online credit history and information.
Government-registered financial institutions submit a request for a BQI user account on the BQI website.
After providing a business number, business name, address, and telephone number, the website immediately generates a username and indicates that a secure random password generating device will be mailed within three business days.
While the device is being shipped, a temporary password is provided for the institution to complete any required credit searches until its secure random password generating device is received and activated.

i) Which of the following is the most critical risk that BQI is exposed to because of its specific e-commerce setup?
a) A random password generating device is mailed to a potential user.
b) There is inadequate screening on initial registration to determine whether a financial institution is legitimate.
c) A temporary password issued on a client's password screen can be hacked and viewed by anyone if the client has inadequate internet security.
d) The industry in which BQI operates is a target for hackers.

ii) Which of the following is the best specific security measure to help ensure that unauthorized individuals are unable to access the site?
a) Keep a log of all the users who have accessed the site and compare it to a list of authorized individuals.
b) Issue separate usernames and secure random password generating devices for every management-approved individual operating under a user account, rather than issuing them on an organization-wide basis.
c) Require all clients to pass an internet security test prior to accepting them as clients, and monitor their systems on an ongoing basis.
d) Require management to sign an annual representation letter attesting to the quality of their information system security.
