Courses and Certificates Information-Technology-Management Book

A firewall is a critical part of network security that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Its function is to block unauthorized access while permitting legitimate communication, thereby serving as a barrier between trusted internal networks and untrusted external networks.

Option A: Incorrect—phishing is handled by user awareness and email filters, not firewalls alone.

Option B: Incorrect—malware detection is performed by antivirus/antimalware tools, not firewalls.

Option D: Incorrect—encryption keys are managed by cryptographic systems, not firewalls.

Thus, the function of a firewall is to control unauthorized access.

Understanding ITILITIL (Information Technology Infrastructure Library) is a framework designed to standardize IT service management (ITSM) and ensure efficient and quality delivery of IT services. It helps organizations align IT services with the needs of the business and supports continuous improvement.

Scenario Analysis: Hospital's New Software Systems

The hospital has implemented several new software systems, indicating a shift towards a more technology-driven approach.

Hospitals rely heavily on technology for patient care, administrative management, and operational efficiency. Examples include electronic health records (EHRs), patient monitoring systems, and diagnostic tools, which are technology-intensive.

ITIL's Relevance in Hospitals

ITIL enables systematic management of IT services, ensuring reliability, efficiency, and continuous improvement.

ITIL addresses the challenges of technology dependence by offering best practices for managing service delivery, minimizing downtime, and ensuring compliance with regulatory standards (e.g., HIPAA).

Why Option C is Correct (Increased Dependence on Technology)

As the hospital integrates more software systems, it becomes increasingly reliant on technology to support critical operations.

ITIL provides the hospital with a structured approach to manage this dependence effectively, ensuring robust IT service management processes and reducing the risk of service disruption.

Why Other Options Are Incorrect

Option A (Increased dependence on human interaction): Hospitals aim to reduce manual processes with technology; ITIL supports this automation rather than increasing human dependency.

Option B (Increased access to global consumers): While ITIL improves service quality, its primary focus is not expanding global consumer access.

Option D (Increased access to global vendors): ITIL does not specifically address vendor relationships but focuses on internal IT service processes.

Definition of Elevation of Privilege Attack:

This attack occurs when an attacker exploits vulnerabilities in systems to escalate their permissions beyond what they are authorized for, gaining access to sensitive data or control over the system.

Example in the Scenario:

The attacker uses a guest account, a low-privilege account, to exploit a system weakness and escalate their privileges, altering user account information.

Incorrect Options Analysis:

A. Packet tampering: Involves altering data packets, not access rights.

B. Spoofing: Involves impersonation, not privilege escalation.

D. Hoaxing: Refers to deceptive scams, unrelated to access rights.

References and Documents of Information Technology Management:

"Cybersecurity Vulnerabilities and Exploits" (CIS Controls).

ITIL Risk Management Framework (Axelos).

The Analysis phase of the SDLC involves gathering and documenting business, user, and system requirements. This ensures the project team fully understands what the system must achieve before moving into design and development.

Option A: Validation occurs during testing.

Option C: Structuring component interaction is part of design.

Option D: Optimization for performance is a later concern during development and testing.

Thus, the primary purpose is to define the business, user, and system requirements.