Q 1
Mary had not accessed the Payroll application in the last month. This is because her accessing the system after such a long while gives room for suspicion as to why she would choose to access the payroll system after a long period of never using it.
Q 2
The files and directories are accessible only to the user who created them. This is because the option set on the directory allows a user only to write information onto another file within the system.
Q 3
"Password shall be echoed on the screen when a user logs in to the system" and "Password shall be no more than 10 characters, made of only alphabets and not case sensitive." These are of great concern, since passwords should be secret and memorized instead of being echoed, because someone can see and memorize someone else's password. Additionally, passwords should be heavily encrypted, with case-sensitive characters and including special characters and numbers.
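As an added illustration (not part of the original answers), the following Python code puts the two password rules from Q3 side by side with a stronger policy: it shows how small the effective keyspace of a 10-character, letters-only, case-insensitive password is, lists what a stronger policy would reject, and reads a password without echoing it. The length and character-class thresholds of the stronger policy are assumptions chosen for the example, not values from the page.

```python
"""Added example: weak policy from Q3 versus a hardened policy, plus non-echoed input."""
import getpass
import math
import re


def accepted_by_weak_policy(password: str) -> bool:
    """The policy quoted in Q3: at most 10 characters, letters only."""
    return len(password) <= 10 and password.isalpha()


def normalize_weak(password: str) -> str:
    """The weak policy is not case sensitive, so 'Secret' and 'SECRET'
    are the same credential; folding to lower case makes that explicit."""
    return password.lower()


def weak_policy_keyspace_bits(length: int = 10) -> float:
    """Effective entropy in bits of a case-insensitive, letters-only
    password of the given length (26 symbols per position)."""
    return length * math.log2(26)


# Hardened policy (assumed thresholds): at least 12 characters and at least
# one lowercase letter, one uppercase letter, one digit and one special
# character. Case is preserved, so 'A' and 'a' are different symbols.
MIN_LENGTH = 12
REQUIRED_CLASSES = [
    (r"[a-z]", "no lowercase letter"),
    (r"[A-Z]", "no uppercase letter"),
    (r"[0-9]", "no digit"),
    (r"[^A-Za-z0-9]", "no special character"),
]


def strong_policy_problems(password: str) -> list:
    """Return the list of reasons the hardened policy rejects a password
    (empty list means it is accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for pattern, message in REQUIRED_CLASSES:
        if not re.search(pattern, password):
            problems.append(message)
    return problems


def accepted_by_strong_policy(password: str) -> bool:
    return not strong_policy_problems(password)


def read_password_without_echo(prompt: str = "Password: ") -> str:
    """getpass suppresses terminal echo, which addresses the first rule in Q3."""
    return getpass.getpass(prompt)


if __name__ == "__main__":
    sample = "password"  # constructed sample value
    print("weak policy accepts", repr(sample), accepted_by_weak_policy(sample))
    print("weak policy keyspace (bits):", round(weak_policy_keyspace_bits(), 1))
    print("strong policy problems:", strong_policy_problems(sample))
```

The keyspace figure is the useful comparison: a 10-character password drawn from 26 case-folded letters offers about 47 bits at most, and in practice far less because users pick words, whereas preserving case and allowing digits and symbols raises the per-character alphabet to over 90 symbols.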
Q 4
The use of certificates for web server security is applicable. The use of secure sockets that rely on certificates to identify individual hosts or nodes within the network aids in providing appropriate security, for example using the SSL encryption services to protect data in transit online.
Q 5
The interpretation to be made by John is that the company does not practice a viable way of protecting the vital information and data held for its clients and the various users within the organization. The data is very much susceptible to attacks from malicious hackers, and it is highly recommended that secure file transmission services be implemented and executed, e.g. SSL for FTP.
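Q4 and Q5 both come down to the same practical point: a certificate only protects a connection if the client actually verifies it. The added Python example below (not from the original answers) builds a TLS context that verifies the server certificate and host name and enforces TLS 1.2 or newer, contrasts it with the commonly seen context that disables verification, and shows how the verified context would be handed to Python's standard-library `ftplib.FTP_TLS` for the "SSL for FTP" recommendation in Q5. The host and account names in the helper are placeholders, and no connection is made unless that helper is called.

```python
"""Added example: TLS contexts that do and do not verify the peer,
and how the verifying one is used for FTP over TLS (FTPS)."""
import ftplib
import ssl


def hardened_tls_context() -> ssl.SSLContext:
    """Client context that checks the certificate chain and host name
    and refuses protocol versions older than TLS 1.2."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_tls_context() -> ssl.SSLContext:
    """The frequently seen misconfiguration: encryption is still on, but
    any certificate is accepted, so the certificate identifies nothing."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only if the context both validates the chain and matches the host name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def secure_ftp_session(host: str, user: str, password: str) -> ftplib.FTP_TLS:
    """Open an FTPS session with the verifying context (placeholder arguments;
    not executed here). prot_p() switches the data channel to TLS as well,
    otherwise only the control channel would be protected."""
    ctx = hardened_tls_context()
    if not context_verifies_peer(ctx):
        raise RuntimeError("refusing to connect with an unverified TLS context")
    ftp = ftplib.FTP_TLS(context=ctx)
    ftp.connect(host, 21)
    ftp.login(user, password)
    ftp.prot_p()
    return ftp


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_tls_context()),
                      ("insecure", insecure_tls_context())):
        print(f"{name}: verifies peer = {context_verifies_peer(ctx)}")
```

The check in `secure_ftp_session` is the kind of guard worth keeping in any transfer tool: the control channel being encrypted says nothing about who is on the other end until `verify_mode` is `CERT_REQUIRED` and the host name is checked, and plain FTP (or FTPS without `prot_p()`) still sends file contents in the clear.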
Q 6
The system should classify privileges for the update command on the database, since system consistency and accuracy require that privileged permissions be assigned individually to each user within the system.
Q 7
Maintaining databases is not a very significant responsibility for the system administrator, since they are mainly responsible for the core necessities of database management. Maintaining databases, data storage, saving and backing up are responsibilities that can be assigned to other employees who use the system virtually.
Q 8
Q 9
The dual control principle is the one violated on the system by the individual. This is because they are performing a repeat of commands that had already been configured, saved and installed on the system by John.
Q 10
It is true that CoBIT represents a generally applicable and internationally accepted standard of good practice for IT controls. It provides the major frameworks, standards and resources that businesses use for the governance and management of enterprise IT.
Q 11
Enterprise risk management is a procedure or action plan implemented by the business that includes the approaches and procedures used by management to manage risks and seize opportunities linked to the accomplishment of its goals. ERM provides a framework for risk management, which typically involves identifying specific events or conditions pertinent to the organization's goals (opportunities and risks), evaluating them in terms of probability and extent of impact, defining a response plan, and monitoring progress. This is achieved through the process of planning, organizing, leading, and controlling the activities of an organization.