ABSTRACT

This chapter illustrates how a hypothetical organization deals with computer security issues in its enterprise operating environment. It highlights the importance of management's acceptance of a particular level of risk; this level will, of course, vary from organization to organization. A Typical Organization has information systems that comprise, and are intertwined with, several different kinds of assets valuable enough to merit protection. Because A Typical Organization lets employees access information under a Bring Your Own Device policy, the local area network also provides a connection to the Internet via a router. The risk assessment concurred with the general approach taken by A Typical Organization, but identified several vulnerabilities. To remove the vulnerabilities related to unauthorized access to data, the risk assessment team recommended the use of stronger authentication mechanisms based on smart tokens that generate one-time passwords, which cannot be reused by an interloper for subsequent sessions.
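The one-time-password property the abstract relies on (a captured code is useless for a later session) comes from the token and the server sharing a secret and a moving counter, so each code is accepted at most once. The following is an added illustration, not code from the chapter or from A Typical Organization: it implements the HOTP algorithm of RFC 4226 (HMAC-SHA1 over an 8-byte counter with dynamic truncation) and a small server-side verifier that advances the counter past any accepted value, so a replayed or stale code is rejected. The user name, secret and look-ahead window are constructed sample values.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to a zero-padded decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(binary % (10 ** digits)).zfill(digits)


class OtpVerifier:
    """Server side of a counter-based token scheme.

    Each user record holds the shared secret and the next counter value the
    server is willing to accept. A small look-ahead window tolerates a token
    whose button was pressed a few times without a login; once a code is
    accepted the counter moves past it, so the same code can never be
    replayed and codes for earlier counters are dead."""

    def __init__(self, look_ahead: int = 3) -> None:
        self.look_ahead = look_ahead
        self.users: dict[str, dict] = {}

    def enroll(self, user: str, secret: bytes) -> None:
        # Counter starts at 0 on both the token and the server.
        self.users[user] = {"secret": secret, "counter": 0}

    def verify(self, user: str, code: str) -> bool:
        rec = self.users.get(user)
        if rec is None:
            return False
        for step in range(self.look_ahead + 1):
            candidate = rec["counter"] + step
            expected = hotp(rec["secret"], candidate)
            # Constant-time comparison so the check itself leaks nothing.
            if hmac.compare_digest(expected, code):
                rec["counter"] = candidate + 1  # burn this and every earlier counter
                return True
        return False


def replay_demo() -> tuple[bool, bool, bool, bool]:
    """Constructed walkthrough: a genuine login, a replay of the same code,
    a later code issued after a skipped press, and an attempt with an old code."""
    # Secret is the RFC 4226 test-vector key, used here only as sample data.
    secret = b"12345678901234567890"
    server = OtpVerifier(look_ahead=3)
    server.enroll("alice", secret)

    first = server.verify("alice", hotp(secret, 0))   # genuine session: accepted
    replay = server.verify("alice", hotp(secret, 0))  # interloper replays it: rejected
    skipped = server.verify("alice", hotp(secret, 2)) # token pressed twice, still in window
    stale = server.verify("alice", hotp(secret, 1))   # counter already burned: rejected
    return first, replay, skipped, stale


if __name__ == "__main__":
    print("RFC 4226 vector, counter 0:", hotp(b"12345678901234567890", 0))
    print("first, replay, skipped, stale =", replay_demo())
```

The `look_ahead` window is the usual trade-off between usability and exposure: a larger window lets a desynchronized token resynchronize without help-desk involvement, but also widens the set of codes an attacker could try against one account, so the verifier should additionally rate-limit failed attempts.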