Scenario Based Lead Auditor Day#1

Webos’s client was vulnerable to external attacks due to serious flaws in the system and encryption, authentication, and other database problems, which are classified as vulnerabilities of a system.

The first two options reflect weaknesses in the company’s procedures. As such, they represent vulnerabilities. Unauthorized use of the system, on the other hand, is a threat that the company can face in such situations.

Technical investigations following a security incident are corrective controls that aim to correct the problems and prevent their recurrence.

Segregation of duties is a control related to the organizational structure, so it is classified as administrative control.

Migration to the Windows Azure SQL database helps in solving database availability problems that can cause disruption of operations.  The first option is an example of an impact on availability, while the other two are impacts to the confidentiality.