MGMT 107 | MoulikGroup Assignment #3
Group 24
31th August, 2022
Question 1:
Consider the categories of threat in Figure 10-3. Describe the three most serious threats to
each of the following businesses:
1. A neighborhood accounting firm
a. Phishing can result in organizational and customer data to be stolen and used for
malicious activity. Customer information can be stolen and taken advantage of,
disrupting the lives of many.
b. DoS attacks can lead to a compromised system. This can in turn disrupt normal
operations that an accounting firm needs to function properly.
c. Procedural mistakes in human error within an accounting firm can create errors in the
system. Because there are multiple employees working at a time, it would be difficult to
MGMT 107 | Moulik
constantly monitor suspicious activity. Working at an accounting firm can also mean that
they as a company may not feel the need to prioritize and update their computational
systems.
2. A Dentist’s office
a. Computer crimes such as hacking can lead to a threat to customer’s/patient’s healthcare
and personal data, leading to unauthorized loss of data.
b. Faulty service and procedural mistakes can ruin the reputation and cause loss of trust of
patients in this dentist.
c. Denial of Service by malware attacks or human error can lead to service interruption or
even denial of service to the patients. This leads to bad patient experience and
ultimately loss of business.
3. A Honda dealership
a. Human Error such as procedural mistakes can cause incorrect services or payments
which can lead to bad customer experience and harm the reputation of the Honda
dealership.
b. Computer Crimes such as hacking can compromise the personal and financial
information of the employees and customers, as well as important information of the
organization.
c. Natural Disasters can lead to property loss of the Honda dealership and also the loss of
customer data, both leading to delays to the services for its customers due to
recollection of data and physical assets.
Question 2:
Describe a potential technical safeguard for each of the threats you identified in your answer
to question 1.
A technical safeguard that can protect the threats we identified is ensuring that these
companies have malware protection. Malware systems can run frequent scans, make sure that
only secure email attachments can be received, and install updates to the software.
In the case of the accounting firm, having malware protection can ensure that emails
that are received are secure since there is frequent activity over computers. Having updated
softwares can secure the information of the firm’s customers, making sure that their personal
information cannot be hacked. Updating softwares also benefits the dentist’s office as well as
the Honda dealership because much of their customer and company information and services
are stored in software. Frequent scans for suspicious activity can allow these companies to
make informed decisions on what actions to take when the time comes.
Question 3:
Describe a potential data safeguard for each of the threats you identified in your answer to
question 1. If no data safeguard is appropriate to a business, explain why.
MGMT 107 | Moulik
Data Safeguarding would require defining the data policies, data rights and responsibilities
clearly and ethical handling of data and privacy. There must be rights enforced to different users
of the organizations to access different degrees of data and not everyone should have access to
all the data of the organization. This can be enforced by user accounts and passwords and
inbuilt restriction to every user’s account. Data encryption and decryption can help when the
data is being communicated from one place to another. In addition to all these, keeping data
backup and recovery procedures can help in case of data loss due to natural disasters or theft as
it will save the organization from losing it’s important data which otherwise can bring the
business to halt.
Neighborhood accounting firm: An accounting firm can enforce data usage rights safely to their
employees with the use of use accounts and passwords so as to not give everyone access to all the data
so as to not cause procedural error by employees.
A Dentist’s office: Data encryption and administering the data security from time to time can help
reduce the risk of unauthorized loss of data and computer crimes.
A Honda dealership: Data backup and recovery procedures can save the dealership from the hassle of
recollecting and processing the customer data in case of any natural disaster or data loss in anyway.
Enfrocing user rights might reduce procedural mistakes as certain users will have access to certain data
and thus would be in complete charge of it.
Question 4:
Describe a potential human safeguard for each of the threats you identified in your answer to
question 1.
A potential human safeguard for each of the threats identified in question 1 is to require
appropriate screening and security trainings as well as periodic training for employees to make
sure the employees know what they should be doing without causing an error in the system and
how to manage their time to appropriately monitor suspicious activity, the threat identified for
the neighborhood accounting firm, and how to better serve the customers, the threat identified
for the Dentist’s office and Honda dealership.
Question 5:
Describe how each of the businesses in question 1 should prepare for security incidents.
(ideas)
– Training (have new staff sign off on acknowledgement of security systems and training,
have yearly employee training for system updates )
– Hiring professional computer programmers to update software (performing screenings)
– Have employees authenticate before signing in to company computer systems
–
MGMT 107 | Moulik
Question 6:
How likely are the threats you identified in question 1? If you owned these businesses, which
of the items you described in questions 2 through 5 would you implement?
Question 7:
1. Explain why Moore’s Law makes it increasingly more important to create strong
passwords.
Moore’s Law explains how technology improves at an alarming rate, which can be
concerning to both large and small companies. Moore’s Law makes it increasingly more
important to create strong passwords in order to prevent the “bad guys” from seeking
vulnerabilities in a system and compromising it, gaining access to important data that can in
turn affect the company, their employees, and its users. The increasing knowledge from
technology provokes the “bad guys” to compromise companies that are seen as vulnerable.
Since technology is improving everyday, it is important to ensure that our security systems and
passwords are strong, and constantly being updated as technology advances, making it harder
for the “bad guys” to find vulnerabilities and break through the safeguards.
2. Do you agree that Moore’s Law is helping the “bad guys” more than the “good guys”?
Why or why not? Use evidence in this case, knowledge from this chapter, and your
own experience in your answer.
I agree that Moore’s Law is helping the “good guys” more than the “bad guys” as
spending up the CPU will help to warn the “good guys” to keep up to date with the newest data
safeguards. Some safeguards that can be utilized include; updating proper identification and
authentication, encryption, building firewalls or multiple firewalls, malware protection, other
designs of secure applications, and set secure passwords, making it harder for the “bad guys” to
break into the systems and obtain personal and organizational information. In this case, Moore’
Law is helping the “good guys” realize that in a fast improving technological world, it is essential
to keep up with and constantly updating the safeguards in order to keep their data safe. From
the lecture of this chapter, we know that you cannot prevent a professional hacker, who is
highly skilled, from breaking through, but with the fast rate of improving technology from
Moore’s Law, it is possible to improve data safeguards and slow the professional hackers down
as much as possible with the fast improving technology and make it increasingly difficult for
hackers to break through, giving the individual and organization more time to take appropriate
actions. A great tool mentioned in the lecture is Honeypots, a parallel network which looks and
feels like the authentic network to let the “good guys” know the behaviors of the “bad guys.”
With the fast technological improvements, Honeypots can potentially record the behaviors of
the “bad guys” trying to break through the safeguards and gather more information about the
behaviors which can help improve the safeguards to be aware and better prepare for similar
behaviors in the future. An experience of Moore’s Law is helping the “good guys” more than the
MGMT 107 | Moulik
“bad guys” is that I had a anti-virus application on my PC and after each update, it would always
detect some virus that it wasn’t able to detect before the update, which makes my PC more
secure.