Webos is a software company that offers custom web-based IT solutions for banks and financial institutions. They are focused on developing personalized and flexible banking software. Hence, their services include processing sensitive data.

Recently, one of their main partners required an update of the software they got from Webos because their current version was vulnerable to external attacks. Webos provided an updated version that included migrating to the Windows Azure SQL database to solve the encryption, authentication, and high availability problems. However, the solution did not work and Webos’s partner terminated their contract.

The project failed due to problems with the segregation of duties in Webos. Their only software development team leader, Julia Robinson, was on maternity leave and her duties and responsibilities were assigned to an inexperienced team member.

To increase the security of their services and regain customer confidence, Webos decided to initiate major changes, including the implementation of an ISMS. They decided to improve their existing maintenance and support services and conduct technical investigations for any security incident reported by their partners. In addition, they decided to segregate the duties of the software development team in order to avoid similar situations in the future.

Based on the scenario above, answer the following questions:

Which option below presents a vulnerability in Webos’s client system?

Webos’s client was vulnerable to external attacks due to serious flaws in the system and encryption, authentication, and other database problems, which are classified as vulnerabilities of a system.

Webos’s project failed due to the lack of segregation of duties during the maternity leave of the software development team leader. Which of the following is a threat that can impact Webos in this situation?

The first two options reflect weaknesses in the company’s procedures. As such, they represent vulnerabilities. Unauthorized use of the system, on the other hand, is a threat that the company can face in such situations.

Webos conducted technical investigations after its partners reported security incidents. What is the aim of implementing this security control?

Technical investigations following a security incident are corrective controls that aim to correct the problems and prevent their recurrence.

By segregating the duties of the software development team, Webos implemented:

Segregation of duties is a control related to the organizational structure, so it is classified as administrative control.

Migration to the Windows Azure SQL database would solve the availability problems by reducing the _____________.

Migration to the Windows Azure SQL database helps in solving database availability problems that can cause disruption of operations.  The first option is an example of an impact on availability, while the other two are impacts to the confidentiality.