NAME: HASNIAH A. AKMAD
COURSE AND YEAR: BSA 3
STUDENT ID NUMBER: 18100075
SUBJECT: AUDIT IN A CIS ENVIRONMENT
CLASS SCHEDULE: TTH 7:30AM TO 9:00AM
SEMESTER/A.Y.: 2021-2022
CLASSWORK: ACCTG. 324N: 3T_AS1
General Instruction: Given the tasks below, you are to work on each requirement. Write
the task and your answer in a Word document and save it as a PDF copy; name the file
SURNAMEACCTG. 324N: 3T_AS1.
On submission, for the file document, add it as an attachment to the file submission; for the online
text, add the file to your own Google Drive, share the link with anyone, and add the link to the
online text.
TASK 1: Give what is required in each of the statements below.
1. Categorize each of the following as either an equipment failure control or an unauthorized
access control. (1 POINT)
A. Message authentication
B. Parity check
C. Call-back device
D. Echo check
E. Line error
F. Data encryption
Answer:
a. unauthorized access control
b. equipment failure control
c. unauthorized access control
d. equipment failure control
e. equipment failure control
f. unauthorized access control
2. Distinguish between a network-level firewall and an application-level firewall. (5 POINTS)
Answer: In a technical sense, the difference between application-level firewalls and network-
level firewalls is the layers of security they operate on. While web application firewalls operate
on layer 7 (applications), network firewalls operate on layers 3 and 4 (data transfer and
network). WAFs are focused on protecting applications, while network firewalls are more
concerned with traffic into and out of your broader network. Network firewalls were traditionally
the main digital protection for businesses. They excel at protecting against network-wide attacks
that can attack connected devices and infiltrate systems via LAN. If you provide an internet
connection at any business location, a network firewall is still a must-have.
TASK 2: Discussion. Read and understand the situation in each independent scenario.
Listed here are five scenarios relating to Preventive Controls. For each scenario, discuss the
possible damages that can occur. Suggest a preventive control. (3 POINTS)
A. An intruder taps into a telecommunications device and retrieves the identifying codes and
personal identification numbers for ATM cardholders. (The user subsequently codes this
information onto a magnetic coding device and places this strip on a piece of cardboard.)
Answer: The possible damage is that he/she may use this data to withdraw money from the
cardholder's account using the codes and PINs. Through encryption, data can be stored in a solid
encryption format with digital signatures and a different combination of encryption algorithms.
B. Because of occasional noise on a transmission line, electronic messages received are
extremely garbled.
Answer: Whenever data is transmitted through secure communication channels, there may be
a line distortion caused by signal noise. It can be due to weather conditions, faulty cables, and
electrical components. If the audio level is too high, it will lead to data garbling, leading to more
data retrieval. Through equity check, it finds errors in a secure communication line. A measure
bit is an additional component added to the end of a binary coin unit to make it unique or
identical before being transferred to a secure network. On the recipient side, the balance
checker will check the additional bits attached to the character's unit to check the message's
authenticity.
C. Because of occasional noise on a transmission line, data being transferred is lost or garbled.
Answer: Transmission data via communication cables may be distorted or lost due to audio.
Through Message Verification, it verifies a message that comes from unauthorized access to
data and ensures data integrity and security. In the encryption process and remove encryption,
the message authorizes to ensure that the transmission is not interrupted and comes from a
trusted source.
D. An intruder is temporarily delaying important strategic messages over the
telecommunications lines.
Answer: Delay of strategic messages on social media can lead to an organization not
receiving all the sensitive messages it needs simultaneously, and it could lead to system-wide
delays, thus leading to system failure. Using the request-response method prevents
unnecessary delays of data over communication lines by a hacker, because this is the process
of periodically sending control messages to both sender and recipient with a specific pattern
until the message reaches its destination. It prevents hackers from accessing the message.
E. An intruder is altering electronic messages before the user receives them.
Answer: Unauthorized or illegal access to confidential data while communicating through
communication lines leads to various security and integrity risks; for example, an internet hacker can
disrupt the original data, leading to data corruption. It can be prevented by many controls which
can protect the integrity of the data, thus not allowing a criminal to distort the actual
message, by using solid data encryption with a digital signature.
TASK 3: Discussion. Read and understand the situation in each independent scenario.
Listed here are five scenarios relating to Operating System Exposures and Controls. For each
scenario, discuss the potential consequences and give a prevention technique. (3 POINTS)
A. The systems operator opened a bag of burned microwave popcorn directly under a smoke
detector in the computing room where two mainframes, three high-speed printers, and
approximately 40 tapes are housed. The extremely sensitive smoke detector triggered the
sprinkler system. Three minutes passed before the sprinklers could be turned off.
Answer: There are two potential consequences of what the system operator has done.
First, the data file may have been lost. Second, the sprinklers that were triggered
by the burning bag of popcorn may have caused damage to the mainframes and
high-speed printers. The recommended prevention technique is that system
operators must take necessary precautions to avoid accidents in their
operations. Additionally, maintain a strict no-food policy in the computer room.
B. A system programmer intentionally placed an error into a program that causes the operating
system to fail and dump certain confidential information to disks and printers.
Answer: Based on the scenario, the potential consequences of what the system programmer has done
are that, if the operating system continues to fail, a denial of service will happen, which is the
shutdown of the network. The fundamental goals of information, such as
confidentiality, availability, and integrity, may be lost. Additionally, theft of personal
information will occur. The recommended prevention technique is that the
programmers should no longer be able to access the software or the system, and
they need to improve their access control management.
C. Jane’s employer told her she would be laid off in 3 weeks. After 2 weeks, Jane realized that
finding another secretarial job was going to be very tough. She became bitter. Her son told her
about a virus that had infected his school’s computers and that one of his disks had been
infected. Jane took the infected disk to work and copied it onto the network server, which is
connected to the company’s mainframe. One month later, the company realized that some data
and application programs had been destroyed.
Answer: The possible damage is the spread of the virus, which results in disruption of the
normal processing of the company’s network server and mainframe, probable loss of data files,
employee betrayal, sabotage, and destruction of data and application programs. It
can be prevented by strengthening their access control management and by imposing
effective and efficient Operating System Security.
TASK 4: Encryption.(5 POINTS)
The coded message that follows is an encrypted message from Brutus to the Roman Senate. It
was produced using the Caesar cipher method, in which each letter is shifted by a fixed number
of places (determined by the key-value).
OHWV GR MXOLXV RQ PRQGDB PDUFK 48 GUHVV: WRJD FDVXDO (EBRG)
Required: Determine the key used to produce the coded message and decode it.
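The shift method described in this task can be worked through in code. The following is an added example, not part of the original submission: it tries all 25 possible keys and ranks each candidate by how many common English words it contains. The word list, the function names, and the treatment of digits (shifted by the same key modulo 10) are assumptions made for this example.

```python
import re

# Ciphertext exactly as given in the task.
CIPHERTEXT = "OHWV GR MXOLXV RQ PRQGDB PDUFK 48 GUHVV: WRJD FDVXDO (EBRG)"

# Small list of common English words used to rank candidates (assumption).
COMMON = {"THE", "AND", "FOR", "YOU", "NOT", "ARE", "TO", "OF",
          "ON", "IN", "DO", "IS", "IT", "AT", "BE", "WE"}


def caesar_decrypt(text, key):
    """Shift letters back by `key` (mod 26); digits back by `key` (mod 10).

    Shifting digits is an assumption of this example, not stated in the task.
    Punctuation and spaces are passed through unchanged.
    """
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") - key) % 26 + ord("A")))
        elif "0" <= ch <= "9":
            out.append(chr((ord(ch) - ord("0") - key) % 10 + ord("0")))
        else:
            out.append(ch)
    return "".join(out)


def score(plaintext):
    """Count the tokens of a candidate plaintext that are common English words."""
    return sum(word in COMMON for word in re.findall(r"[A-Z]+", plaintext))


def recover_key(ciphertext):
    """Try every key 1..25 and return (best_key, plaintext, top three (score, key))."""
    ranked = sorted(
        ((score(caesar_decrypt(ciphertext, k)), k) for k in range(1, 26)),
        reverse=True,
    )
    best_key = ranked[0][1]
    return best_key, caesar_decrypt(ciphertext, best_key), ranked[:3]


if __name__ == "__main__":
    key, plaintext, ranked = recover_key(CIPHERTEXT)
    print("key:", key)
    print("plaintext:", plaintext)
    print("top candidates (score, key):", ranked)
```

Because the key space holds only 25 usable values, exhaustive search recovers the key immediately, which is why a fixed-shift cipher gives no real confidentiality.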
Answer: