Micron is an online electronic retail store with over 50,000 loyal customer base and revenue of $20,000 per hour. Up to 35,000 transactions per day are completed. Micron has 100 continuing and 20 casual employees as well as 30 contractors, who have authorised access to Micron's system and networks. Micron uses a web server, an email server and a database server in its business operations. The web server is used for hosting the transaction processing system. The database server is used for maintaining customer details, orders, inventory and shipment information. The application server implements the actual business logic. Micron has four major divisions: IT, customer service, sales and marketing. Micron uses state‐of‐art security controls (Transport Layer Security, firewalls, antivirus products, intrusion detection systems, multi‐factor authentication, etc.), encryption algorithmsfor protecting sensitive records both in storage and in transmission. QUESTIONS (3+4+4+6+3=20 MARKS) 1. Micron management are convinced that their state‐of‐art security products protect their system and information assets very well. Argue convincingly that Micron managements lull themselves into a false sense of security. You must use a practical attack scenario to illustrate and support your argument. 2. Suppose that an external attacker deliberately sought and gained accessto Micron systems. The attacker vandalized Micron's Website and stolen some files that contained sensitive customer data, employee data and some of Micron's intellectual property such as draft internal policies, meeting minutes, unpublished financial data, and proprietary process documentation. a. For each attack on Micron, list and briefly explain at least two possible threat categories. You must justify and argue convincingly your choice of the threat categories. b. For the attacks on Micron, list and briefly explain two possible and credible vulnerabilities that the attacker might have exploited to perpetrate the attacks. You must justify and argue convincingly why the vulnerabilities you choose are possible and credible. If you give more than two vulnerabilities, only the first two vulnerabilities will be marked. c. For each vulnerability you identified in 2b, suggest one managerial control, one operational control and one technical control. You must justify your choice and argue convincingly that the controls can and will safeguard Micron against the possible attack (s). 3. List and briefly explain two specific benefits that an incident response plan offers Micron in regards to the above attacks. If you give more than two attacks, only the first two attacks will be marked.