Question 3.

There are various information security risks faced by small-to-medium enterprises (SMEs) engaged in electronic business. Two of the key risks faced by business is phishing and ransomware attacks, in either case Rod knows that these acts would result in potentially ruining the Just Pastry business and their reputation.

a) Briefly describe what phishing is and explain why it is so difficult for society, business and individuals to manage this risk. Identify and discuss two (2) different measures that can help to manage the phishing risk for Just Pastry.

[10 Marks]

b) Briefly describe what ransomware is and explain why it is so difficult for society, business and individuals to manage this risk. Identify and briefly discuss three (3) different measures that can help to manage the ransomware risk for Just Pastry.

[10 Marks]

c) Rod is insistent that all staff access to all the new business systems, social media and mobile devices will require 2-factor authentication. For training purposes, write a brief plain language non-technical explanation of what 2-factor authentication is and how it works.

[10 Marks]