Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Need this asap please :( YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing in hip-hop music. Born in the

image text in transcribedNeed this asap please :(

YG Entertainment (YGE) is a company dedicated to producing and distributing video clips specializing in hip-hop music. Born in the internet era, the company has actively supported laptops and tablets, so staff can easily work remotely. They can access the company databases through the internet and provide online information to customers. This decision to support remote work has increased productivity and high morale among employees who were allowed to work up to two (2) days a week from home. Based on written procedures and a training course, employees learn security procedures to avoid the risk of unauthorized access to company data. Employees' access to the company data includes using log-on IDs and passwords to the application server through a virtual private network (VPN). Initial passwords are assigned by the security administrator. When the employee logs on for the first time, the system forces a password change to improve confidentiality. Management is currently considering ways to improve security protection for remote access by employees. YGE ask its information system (IS) auditor to review its new VPN implementation to accommodate the increase in remote work. The auditor discovers that the organization needed to enable remote access to one of its servers for remote maintenance purposes. The firewall policy did not allow any external access to the internal systems. Therefore, it was decided to install a modem on that server and activate the remote access service to permit dial-up access. To mitigate any vulnerabilities associated with dial-up modems, a policy has been implemented to manually power the modem only when the third party requests access to the server and is powered off by the company's system administrator when the access is no longer needed. Because more and more systems are being maintained remotely, the company asks an IS auditor to evaluate the current risk of the existing solution and propose the best strategy for addressing future connectivity requirements. Required: a. When an employee notifies the company that he/she has forgotten his/her password, what should be done FIRST by the security administrator? b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing remote access practice? C. What control may be implemented to prevent an attack on the internal network initiated through an internet VPN connection? d. What test is MOST important for the IS auditor to perform as part of the review of dial-up access controls

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Risky Business Principles Of Auditing Property And Casualty Insurance

Authors: Seth A. Davis, CIA, CPA, CPCU, CFA, CISA

1st Edition

0894139711, 978-0894139710

More Books

Students also viewed these Accounting questions

Question

2. DO change any clerical or calculation errors.

Answered: 1 week ago

Question

Organizing Your Speech Points

Answered: 1 week ago