"I am general manager of the recently established British division of a small Canadian wholesale company. My task is to set up t

admin2010-08-21  26

问题    "I am general manager of the recently established British division of a small Canadian wholesale company. My task is to set up the infrastructure for the British operation, including finance. Our bankers have offered an internet-based e-banking service that saves me a lot of administration time but I am worried about how secure it will be".
   "Is online banking reliable for a small business and what extra controls would you recommend to ensure the risk to the company’s funds are minimized?"
   Keith Falconer, Director of Forensic Services, says: Internet banking can offer many benefits, but unless controls are properly considered it can provide an easy mechanism for unscrupulous people, both within and outside an organization, to divert company funds.
   It is important to ensure that controls on access to the e-banking system am put in place, with appropriate transaction limits.
   Everyone who is using the system should have their own log, in de, tails. Having too few log-in details can often lead to staff using each other’s. Not only does this destroy any audit trail (审计跟踪), it also leads to the loss of the individual information in a company.
   Password selection is also important. Each user must choose an appropriate password, and one which is not vulnerable to attack by a hacker. One method is to choose a memorable word but replace certain letters with numbers and punctuation marks. For example, "password" could become "p@55w0rd".
   There have been reports of "key-logging" software being used by criminals record the keystrokes on a terminal in order to discover the password. Network security, therefore, is essential before implementing e-banking; a strong firewall should be in place to protect your system from external attacks; security updates should be applied promptly; and the system should be swept for viruses and spy-ware regularly
   One final area to be aware of is the "phishing" scam (网络钓鱼), whereby an account holder receives an e-mail claiming to be from the bank asking them to confirm or update details. The account holder is redirected to a fake site and the details entered are subsequently used to rob the account.
   All individuals with access privileges to your e-banking system should be made aware of this. Your bank will never send you an e-mail asking you to confirm your details, and you should never respond to an e-mail purporting to be from your bank. Normal e-mail is an unsecured system; your bank will establish a secure method of communicating with you from behind the protection of your log-in.
According to paragraph 5, to share access to the internet is ______ for people in a company.

选项

答案insecure

解析 本题问“根据底五段内容,对于公司里的人来说,共用进入网络银行的口令会怎样”。第五段提到“Everyone who is using the system should have their own log-in details. Having too few log-in details can often lead to staff using each other’s. not only does this destroy any audit trail (审计跟踪), it also leads to the loss of the individual information in a company.”(使用网络银行的任何人都应该有自己的登陆信息。如果登陆信息太简单会造成公司员工互用彼此信息的现象。这样不仅会毁坏审计跟踪,而且会使公司员工的个人信息丢失)。由此可见,共用进入网络系统的信息会带来不安全的因素。因此,答案为insecure。
转载请注明原文地址:https://jikaoti.com/ti/jVFMFFFM
0

最新回复(0)