Business Case 1$1$: One of the local university$$s Student records databases was hacked. A graduate student in the computer engineering department decided to show his skills to his friends to impress them. The student successfully enters the system by calling the help desk and pretending to be the new director of the student records department. During the phone call, $$I could not remember the password and do not want to call my supervisor. Would please do me a favor and remind me of my password?.$.$ The IT Help desk person believed him and gave the password without following the University Security policy. Then the student simply logs in to the database and updated the final grade exam of one of his friends who was failing the class.

Business Case 2$2$: Hospital Patient Database: A hospital patient$$s allergy information ($($a doctor should be able to trust that the info is correct and current)$)$ was altered without authorization. A nurse before leaving the hospital deliberately falsifies the patient$$s allergy data in the database to inflict damage to Hospital$$s reputation. That happened on the last day of her employment at the Hospital. Some doctors gave the wrong medication to the patients who later suffered from a complication of allergies and medications. This widespread incident was on the local news as well. Then, the nurse was hired by a new ($($competitor local hospital)$)$ the following week.

For each case answer the following questions

Question 1$1$: What was the reason for this successful attack? What was the vulnerability ($($Flaw or weakness that allows a threat agent to bypass security)?$)?$

Question 2$2$: Attack surfaces type?

Question 3$3$: Who are the threat actors?

Question 4$4$: What can be done to defend against this particular attack ($($So,$,$ it will not happen again)?$)?$

Answer rating: 100% (QA)

Business Case 1 Question 1 Reason for the successful attack The reason for this successful attack was social engineering The student exploited the tru... View the full answer