Ellen 84 Which preventive, detective, and/or corrective controls would best mitigate the follow- ing threats? a. An employee's laptop was stolen at the airport. The laptop contained personal in- formation about the company's customers that could potentially be used to commit identity theft. b. A salesperson successfully logged into the payroll system by guessing the payroll supervisor's password. c. A criminal remotely accessed a sensitive database using the authentication credentials (user ID and strong password) of an IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters. TROL AND AUDIT OF ACCOUNTING INFORMATION SYSTEMS boss informing her og kembedded in the end d. An employee received an e-mail purporting to be from her boss informing important new attendance policy. When she clicked on a link embedded in to view the new policy, she infected her laptop with a keystroke logger. e. A company's programming staff wrote custom code for the shopping cart on its website. The code contained a buffer overflow vulnerability that could be ploited when the customer typed in the ship-to address. f. A company purchased the leading "off-the-shelf" e-commerce software for linking its electronic storefront to its inventory database. A customer discovered a way directly access the back-end database by entering appropriate SQL code. g. Attackers broke into the company's information system through a wireless acces point located in one of its retail stores. The wireless access point had been purchased and installed by the store manager without informing central IT or security. h. An employee picked up a USB drive in the parking lot and plugged it into his lapu to see what was on it." As a result, a keystroke logger was installed on that laptop i. Once an attack on the company's website was discovered, it took more than 30 m utes to determine who to contact to initiate response actions. j. To facilitate working from home, an employee installed a modem on his on that modem. 8.8 station. An attacker successfully penetrated the company's system by system by dialing in k. An attacker gained access to the company's internal network by installing access point in a wiring closet located next to the elevators on the fourth high-rise office building that the company shared with seven other com What are the advantages and disadyang installing a wireles the fourth floor of mer companies lance 8.5