When securing the modern enterprise, consider that IT systems do not operate alo

Question

When securing the modern enterprise, consider that IT systems do not operate alone. Securing them involves securing their interfaces with other systems as well. It is important to know the different interconnections each system may have.

Fill out the following table for four different IT systems.

         Note two enterprise systems they connect with and their connection type.

         Note two security vulnerabilities the connection may have and 2 to 4 ways each vulnerability could be potentially exploited.

Some Comments:

An example row has been entered into the table. This is only an example and should not limit what you do.

Keep in mind that enterprise systems cover a certain task in the enterprise (HR, CRM, Identity Management, etc.). They are not the components of a system (such as servers).

Connections can often be a direct connection/pipe, a file, a common database or something else.

The vulnerability is what would make the connection vulnerable to an attack.

The related risk is an attack that could target the weakness.

Student Name: ________________________

IT System

Target System

Connection Type

Possible Security Vulnerability

Related Risk

EXAMPLE

HR System

Identity Management System

Feeder File

File could be modified.

User rights might not be correctly updated.

1.

2.

1.

2.

1.

2.

1.

2.

3.

4.

IT System

Target System

Connection Type

Possible Security Vulnerability

Related Risk

EXAMPLE

HR System

Identity Management System

Feeder File

File could be modified.

User rights might not be correctly updated.

1.

2.

1.

2.

1.

2.

1.

2.

3.

4.

Explanation / Answer

Target System

EXAMPLE

HR System

1. Supply management chain

2. enterprise resource planning

1. File

2. Common networks

1. theft

2. Hacking

1. Distrust

2. unable to perform operation reviews

1.enterprise resource planning

2.supply chain management

1. integrated network

2. files

1. Attacks from other enterprise

1. Accounts fraud can occur

2 mismanagement

3. supply chain performance

1. supply chain information Management systems

2. information resource
planning systems

1. Common Customer Database

1. Improper management change

1. may lead to wrong decisions

2. disruptions due to man-made disaster

enterprise
information systems

1. systems information module

2. Management information system

1. information module

1. unauthorized data access

2. management theft

1. Loss in information

2. cycle risks

IT System

Target System

Connection Type Possible Security Vulnerability Related Risk

EXAMPLE

HR System

Identity Management System Feeder File File could be modified. User rights might not be correctly updated. Suppy chain Systems

1. Supply management chain

2. enterprise resource planning

1. File

2. Common networks

1. theft

2. Hacking

1. Distrust

2. unable to perform operation reviews

Accounting system

1.enterprise resource planning

2.supply chain management

1. integrated network

2. files

1. Attacks from other enterprise

1. Accounts fraud can occur

2 mismanagement

3. supply chain performance

Administration and Management

1. supply chain information Management systems

2. information resource
planning systems

1. Common Customer Database

1. Improper management change

1. may lead to wrong decisions

2. disruptions due to man-made disaster

enterprise
information systems

1. systems information module

2. Management information system

1. information module

1. unauthorized data access

2. management theft

1. Loss in information

2. cycle risks

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.