You join Mountain Water Co – an expanding bottled water company as an information security officer. The company wants to do a lot of advertising of its bottled water products through its website. The CEO asks you to review the company website and report if it is secure. After talking to the webmaster you find out the following:
The Web server accepts all connections
No authentication is required
Self-registration is allowed
The web server is connected to the Internet
Is the situation secure? Select all that apply.
a.
Yes. There is no threat to a bottled water company so it is secure.
b.
There is insufficient information available to answer this question.
c.
No. Anything that is connected to the Internet is insecure.
d.
No. The system is allowing everyone to register. Only individuals who are associated with the company should be able to register.
e.
No. If there is no authentication, then anyone with access to the website online can access it. For good security only individuals with certain authorized roles should access a website.