In an anonymous call to the CFO, someone claims to have access to customer infor

Question

In an anonymous call to the CFO, someone claims to have access to customer information

leaked from the enterprise systems, and substantiates it with a fax containing sensitive information

(names, account managers, etc.). • Analyse the security risks. • Recommend some good practices to

better mitigate the risks. 2. You are informed that the breach occurred at the third party and are given a

copy of the current (short and inadequate) SLA. The data leaked because the third party used live

customer data during acceptance tests of the second phase on an insecure web server installation. •

Define what management should have put into the SLA relative to security. • What do you think actually

happened to allow these data to get into the public domain?

Explanation / Answer

Ans::

-->Since the 'reason' behind the -leaked as been discovred and points to the third_party provider and their testing on unsecure-web_server., management would allow the 'provider' to create 'fake' accounts to test on & will send an audit yet as a security_representative to confiirm that 'live_accounts' aren't being utilize throughout testing of every_phases.

-->This in all probability_occurred because of the lack of proper shut_down of system & audit_observation of the employees.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.