Question 1 For each of the following mini-cases, you are required to recommend one control plan and explain how your recommended control plan mitigates or solves the mini-case problems. Write your answer in the table provided. Required: a) Sylvain Sdn Bhd is a large retail company that has various stores in South East Asia. Sylvain has invested heavily into different AIS systems. Last year Sylvain spent about $10 million on dashboard system and business intelligence system alone. Sylvain had no idea how effective or efficient their IT governance was. Sylvain is unsure how well their IT investments are performing or how well they are linked with strategy. (7 marks) Answer Mark Control Plan Explanation of how the control plan mitigates this mini-case problem b) There was ransomware that infected and auto-encrypted Gaslight Bhd's files. Gaslight is an oil and gas company in Malaysia. The ransomware uses the strongest encryption technology known as AES-256 that has a key length of 256 bits. This encryption is practically unbreakable by the current state of the art computing power. It is unclear how Gaslight Als got infected in the first place. Gaslight staff had to recover from the system backup. However, the system backup was done a week ago. Unfortunately, the backup file also contains the ransomware. What should Gaslight have previously done to prevent these problems from happening in the first place? (7 marks) Page 3 of 11 Mark Answer Control Plan Explanation of how the control plan mitigates this mini-case problem c) A hacker bypassed Archie company's firewall and copied the company industrial design of its microchip technology. The hacker then sold off the industrial design to Archie's competitors. (7 marks) Answer Mark Control Plan Explanation of how the control plan mitigates this mini-case problem d) ABC is a long time customer of XYZ company. A hacker creates a digital purchase order from ABC. The digital purchase order has been tampered with, and the address was changed to the hacker's address. (7 marks) Answer Mark Control Plan Explanation of how the control plan mitigates this mini-case problem Question 1 For each of the following mini-cases, you are required to recommend one control plan and explain how your recommended control plan mitigates or solves the mini-case problems. Write your answer in the table provided. Required: a) Sylvain Sdn Bhd is a large retail company that has various stores in South East Asia. Sylvain has invested heavily into different AIS systems. Last year Sylvain spent about $10 million on dashboard system and business intelligence system alone. Sylvain had no idea how effective or efficient their IT governance was. Sylvain is unsure how well their IT investments are performing or how well they are linked with strategy. (7 marks) Answer Mark Control Plan Explanation of how the control plan mitigates this mini-case problem b) There was ransomware that infected and auto-encrypted Gaslight Bhd's files. Gaslight is an oil and gas company in Malaysia. The ransomware uses the strongest encryption technology known as AES-256 that has a key length of 256 bits. This encryption is practically unbreakable by the current state of the art computing power. It is unclear how Gaslight Als got infected in the first place. Gaslight staff had to recover from the system backup. However, the system backup was done a week ago. Unfortunately, the backup file also contains the ransomware. What should Gaslight have previously done to prevent these problems from happening in the first place? (7 marks) Page 3 of 11 Mark Answer Control Plan Explanation of how the control plan mitigates this mini-case problem c) A hacker bypassed Archie company's firewall and copied the company industrial design of its microchip technology. The hacker then sold off the industrial design to Archie's competitors. (7 marks) Answer Mark Control Plan Explanation of how the control plan mitigates this mini-case problem d) ABC is a long time customer of XYZ company. A hacker creates a digital purchase order from ABC. The digital purchase order has been tampered with, and the address was changed to the hacker's address. (7 marks) Answer Mark Control Plan Explanation of how the control plan mitigates this mini-case