
Independent Assignment

Accounting Information Systems 2


Saturday 07:30 – 10:00
Class E

NIM (student ID): 202050419
Name: Gracella Irwana

Accounting Department
Trisakti School of Management
Jakarta
2022

This study source was downloaded by 100000864634417 from CourseHero.com on 05-07-2023 02:31:30 GMT -05:00

https://www.coursehero.com/file/143229618/202050419-Gracella-Irwana-Chapter-11-SIA-2docx/
QUESTIONS
Problem 11.3

The following table lists the tasks that an employee is required to perform:

| Employee | Tasks |
|---|---|
| Gerald | Check network logs of employee logins to determine who logged in remotely over the weekend |
| Malusi | Maintain supplier information |
| Wande | Update regulatory tax changes; add new employees |
| Olwethu | Check supplier payment terms |
| Samjay | Update reorder levels when new products are added to the stock list |

REQUIRED

Use the following codes to complete the access control matrix so that each employee will
have the appropriate rights and privileges to perform their tasks:

0 = no access

1 = read only access

2 = read and modify records

3 = read, modify, create, and delete records.

Problem 11.4

Which preventive, detective, and/or corrective controls would best mitigate the following
threats?

a) An employee’s laptop was stolen at the airport. The laptop contained personal
information about the company’s customers that could potentially be used to commit
identity theft.
b) A salesperson successfully logged into the payroll system by guessing the payroll
supervisor’s password.
c) A criminal remotely accessed a sensitive database using the authentication credentials
(user ID and strong password) of an IT manager. At the time the attack occurred, the
IT manager was logged into the system at his workstation at company headquarters.
d) An employee received an e-mail purporting to be from her boss informing her of an
important new attendance policy. When she clicked on a link embedded in the e-mail
to view the new policy, she infected her laptop with a keystroke logger.
e) A company’s programming staff wrote custom code for the shopping cart feature on
its website. The code contained a buffer overflow vulnerability that could be exploited
when the customer typed in the ship-to address.
f) A company purchased the leading “off-the-shelf” e-commerce software for linking its
electronic storefront to its inventory database. A customer discovered a way to
directly access the back-end database by entering appropriate SQL code.
g) Attackers broke into the company’s information system through a wireless access
point located in one of its retail stores. The wireless access point had been purchased
and installed by the store manager without informing central IT or security.
h) An employee picked up a USB drive in the parking lot and plugged it into his laptop
to “see what was on it.” As a result, a keystroke logger was installed on that laptop.
i) Once an attack on the company’s website was discovered, it took more than 30
minutes to determine who to contact to initiate response actions.
j) To facilitate working from home, an employee installed a modem on his office
workstation. An attacker successfully penetrated the company’s system by dialing into
that modem.
k) An attacker gained access to the company’s internal network by installing a wireless
access point in a wiring closet located next to the elevators on the fourth floor of a
high-rise office building that the company shared with seven other companies.

PROBLEM 11.3

| Employee | Employee Master File | Inventory Master File | Supplier Master File | Administration and Taxes Master File |
|---|---|---|---|---|
| Gerald | 1 | 0 | 0 | 0 |
| Malusi | 0 | 0 | 2 | 0 |
| Wande | 3 | 0 | 0 | 3 |
| Olwethu | 0 | 0 | 1 | 0 |
| Samjay | 0 | 3 | 0 | 0 |

| Employee | Reason |
|---|---|
| Gerald | Gerald is required to check the employees' login history, so Gerald must be able to read that information but may not modify it; the data can only be viewed. |
| Malusi | Malusi must maintain supplier information, so Malusi must of course have access to modify records. |
| Wande | Wande must update tax changes and must add new employees, which means Wande needs access to read, modify, create, and delete records. |
| Olwethu | Olwethu is only tasked with checking supplier payment terms, so no access to modify any file is needed; Olwethu has “read only” access only. |
| Samjay | Samjay must update every new product, if there is one (to the stock list), and therefore Samjay must have access to read, modify, create, and delete records. |

PROBLEM 11.4

a. Threat: An employee’s laptop was stolen at the airport. The laptop contained personally identifying information about the company’s customers that could potentially be used to commit identity theft.

   Preventive: a policy that prohibits storing sensitive information on laptops and, if such information must be on a laptop, requires that it be encrypted. The company also needs to train employees on how to protect laptops while traveling, to minimize the risk of theft.

   Corrective: installing "phone home" software, which can help the organization recover the laptop or remotely erase the information on it.

b. Threat: A salesperson successfully logged into the payroll system by guessing the payroll supervisor’s password.

   Preventive: strong password requirements, such as a length of at least 8 characters, use of several types of characters, random characters, and frequent password changes.

   Detective: locking the account after 3-5 failed login attempts; because this is a “guessing attack”, it would probably take more than a few attempts to get in.

c. Threat: A criminal remotely accessed a sensitive database using the authentication credentials (user ID and strong password) of an IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters.

   Preventive: integrating physical and logical security. The system should reject any attempt to log in by a remote user if the same user is already logged in from a physical workstation.

   Detective: configuring the company's systems so that they immediately notify security staff when such an incident occurs.

d. Threat: An employee received an e-mail purporting to be from her boss informing her of an important new attendance policy. When she clicked on a link embedded in the e-mail to view the new policy, she infected her laptop with a keystroke logger.

   Preventive: providing security awareness training to employees; employees must be taught that this is a common example of a sophisticated phishing scam.

   Detective and Corrective: anti-spyware software that automatically checks for and cleans all detected spyware on an employee's computer as part of the process of logging in and accessing the company's information system.

e. Threat: A company’s programming staff wrote custom code for the shopping cart feature on its website. The code contained a buffer overflow vulnerability that could be exploited when the customer typed in the ship-to address.

   Preventive: teaching programmers secure programming practices, including the need to check all user input carefully. Management must support any policy for secure coding practices, even if it risks delaying the completion, testing, and deployment of the company's new programs.

   Detective: ensuring that every program is thoroughly tested before use, and having internal auditors routinely test software developed in-house.

f. Threat: A company purchased the leading “off-the-shelf” e-commerce software for linking its electronic storefront to its inventory database. A customer discovered a way to directly access the back-end database by entering appropriate SQL code.

   Preventive: the company must continually emphasize that “security code” is very important as part of the specifications for purchasing third-party software. In addition, the company must thoroughly test the software before use. The company can also use a patch management program so that every fix and patch provided by the vendor can be implemented.

g. Threat: Attackers broke into the company’s information system through a wireless access point located in one of its retail stores. The wireless access point had been purchased and installed by the store manager without informing central IT or security.

   Preventive: enforcing a policy that prohibits the installation of unauthorized wireless access points.

   Detective: conducting routine audits for unauthorized wireless access points.

   Corrective: the company sanctions employees who violate the policy and install unauthorized wireless access points.

h. Threat: An employee picked up a USB drive in the parking lot and plugged it into his laptop to “see what was on it.” As a result, a keystroke logger was installed on that laptop.

   Preventive: the company provides security awareness training to employees and teaches them never to insert a USB drive unless they are absolutely sure of its source. Anti-spyware software can also be used to automatically check for and clean all detected spyware on employees' computers.

i. Threat: Once an attack on the company’s website was discovered, it took more than 30 minutes to determine who to contact to initiate response actions.

   Preventive: the company must document all existing members of the CIRT (Cyber Incident Response Team) and their contact information, and train them on how to respond to an incident so that in the future the response and actions can be carried out more quickly.

j. Threat: To facilitate working from home, an employee installed a modem on his office workstation. An attacker successfully penetrated the company’s system by dialing into that modem.

   Preventive: the company must routinely check for unauthorized or rogue modems, as well as dial all telephone numbers assigned to the company and identify which numbers are connected to a modem.

k. Threat: An attacker gained access to the company’s internal network by installing a wireless access point in a wiring closet located next to the elevators on the fourth floor of a high-rise office building that the company shared with seven other companies.

   Preventive: the company must secure and lock all wiring closets. The company must also configure its systems so that strong authentication is required to log in. The company can also use an intrusion detection system.
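
The account lockout from item b and the physical/logical integration rule from item c, combined in one login gate as an added example (not part of the original assignment). The class name, event format, user names and the threshold of 3 are assumptions, and the events are constructed sample data.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3  # assumption: item b gives a range of 3-5 failed attempts

@dataclass
class AuthGate:
    """Hypothetical login gate applying the controls from items b and c."""
    failures: dict = field(default_factory=dict)      # user -> consecutive failures
    locked: set = field(default_factory=set)          # locked-out users
    local_sessions: set = field(default_factory=set)  # users signed in on site
    alerts: list = field(default_factory=list)        # notices for security staff

    def login(self, user, source, password_ok):
        """source is 'local' or 'remote'; returns 'allow', 'deny' or 'locked'."""
        if user in self.locked:
            return "locked"
        if not password_ok:
            n = self.failures[user] = self.failures.get(user, 0) + 1
            if n >= MAX_FAILURES:
                self.locked.add(user)
                self.alerts.append(f"{user}: locked after {n} failed logins")
                return "locked"
            return "deny"
        self.failures[user] = 0
        # Item c: the credentials are valid, but their owner is already on site.
        if source == "remote" and user in self.local_sessions:
            self.alerts.append(f"{user}: remote login rejected, active local session")
            return "deny"
        if source == "local":
            self.local_sessions.add(user)
        return "allow"

    def logout_local(self, user):
        self.local_sessions.discard(user)

# Constructed sample events: (user, source, password_ok)
SAMPLE_EVENTS = [
    ("it_manager", "local", True),     # manager signs in at headquarters
    ("it_manager", "remote", True),    # same credentials used remotely
    ("payroll_sup", "remote", False),  # repeated wrong passwords
    ("payroll_sup", "remote", False),
    ("payroll_sup", "remote", False),
    ("payroll_sup", "remote", True),   # correct password arrives after lockout
]

def replay(events):
    gate = AuthGate()
    results = [gate.login(*event) for event in events]
    return results, gate.alerts
```
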
