2. An information system (IS) auditor has been asked to represent the internal audit department of her

organization on a task force to define the requirements for a new branch automation project for Brown Bank, a community bank with 16 branches. This new system would handle deposit and loan information

and other confidential customer information.

The branches are located within the same geographic area, so the director of branch operations has

suggested the use of a microwave radio system to provide connectivity due to its low cost of operation

and the fact that it is a private network. The director has also strongly suggested that it would be

preferable to provide each branch with a direct coaxial connection to the internet (using the local cable

television provider) as a backup if the microwave system develops a fault.

The direct internet connection would also be connected to a wireless access point at each branch to

provide free wireless access to customers. The director also asked that each branch be provided with

mail and application servers that the administrative manager of each branch would administer. The IS

auditor was informed by the IT manager for the bank that the cable service provider will encrypt all

traffic sent over the direct coaxial connection to the internet.

Questions:

a. In reviewing the information for the project, what would be the MOST important concern about the

use of microwave radio systems of Bank Brown? Justify your answer in no more than five (5)

sentences.

b. Give at least one (1) best possible way to reduce the likelihood of business systems being

successfully attacked from the public internet through the wireless network. Discuss your answer

in no more than five (5) sentences.