Comway Corporation is a medium-sized shoe wholesaler whose sales territory includes Illinois, Michigan, and Indiana. Every day, the sales managers for these states collect orders from retail stores. They then use local Internet service providers to connect to the Internet and enter the order information. In each case, the sales manager uses a Web browser client to enter the information into a Web server dedicated to collecting orders. A problem has arisen recently with deliveries to some of Comwayâ€™s retail customers. For example, one customer, Brown Shoe Store, complained that it never received delivery of a $6,000 order that it had recently made. In order to investigate the matter, Sandra Hill, Comwayâ€™s controller, looked at the order files and concluded that the shoes were in fact shipped to a warehouse, several blocks from Brown Shoe Store. Brown, however, said that it had never authorized a shipment to anywhere but directly to its store. Puzzled, Sandra Hill checked with Brownâ€™s sales manager, who immediately produced a printed copy of the order. The sales manager had printed out the contents of the computer screen at the time he had entered the order, and sure enough, he had set the shipment up for normal delivery right at Brownâ€™s store. To further investigate, Sandra Hill checks the logs of the Web server used to collect orders from the sales managers. However, everything seemed in order, and it appeared the sales manager had used his proper password to access the Web server.
Analyze the problem and make suggestions as to its possible cause. What additional information would you need to complete Sandra Hillâ€™s investigation? What additional security measure should be taken, if any?