Anthony Lucas

  • Anthony Lucas posted a new activity comment 4 weeks, 1 day ago

    While each type of auditor has its own flaws, I believe that the lazy auditor is the worst type and would have the biggest impact on the auditee. The lazy auditor does not have the desire or motivation to perform due diligence on the organization being audited and would, as mentioned by Dr. Gelbstein, focus on the low-risk topics and poor or…

  • Anthony Lucas posted a new activity comment 4 weeks, 1 day ago

    The millennial generation is without a doubt the most technologically savvy group to date, and is connected in ways only dreamt of by the Nintendo generation. It is also believed that they are somewhat disconnected on the verbal communication front, often preferring to text or post statuses on social media, straying from the experiences and e…

  • Anthony Lucas posted a new activity comment 4 weeks, 1 day ago

    In order to adjust and apply the rapidly changing dynamic and applications of technology there has to be a base knowledge in order to understand the implications and impact changing tech may have in a particular industry. While technology’s impact on an enterprise is ultimately the final result of its development and application, I believe that…

  • Anthony Lucas’s profile was updated 3 months, 1 week ago

  • Anthony Lucas posted a new activity comment 3 months, 2 weeks ago

    Edward
    You have broken down the issues of TJX very thoroughly; with all of the vulnerabilities that were exposed after the breach, some initial security could have helped prevent them. The most important that you mention is a buy-in from management; I believe this item is the catalyst for what occurred to TJX. Management support for IT is crucial…

  • Anthony Lucas posted a new activity comment 3 months, 2 weeks ago

    Kevin
    Nice analysis of the events leading to the breach. The lack of proper audits and management’s failure to remedy any findings that the limited audit did reveal are key factors. There was a breakdown on all areas of the business in this case. Their reporting of the amount of cards compromised was off by almost double, which shows an…

  • Anthony Lucas posted a new activity comment 3 months, 2 weeks ago

    Ruslan
    Your summary of the auditor’s responsibilities is well explained. It emphasizes a back-to-basics view of security as a starting point for the auditor which can be modified if needed. This list of the role of the auditor mirrors the violations and vulnerabilities faced by TJX, and suggests that they not only did not put mitigating controls in…

  • Anthony Lucas posted a new activity comment 3 months, 3 weeks ago

    In 2005 and 2006, TJX, one of the largest clothing and home furnishing retailers in the United States and abroad, which consists of brands such as TJ MAXX, Marshalls and Home goods, was the victim of the largest data breach in history. The breach at TJX was considered the largest cyber-breach ever to take place due to almost a hundred million credit…

  • Anthony Lucas posted a new activity comment 3 months, 4 weeks ago

    This was an interesting article on the way world governments respond to cyber-attacks. The attacks by Hacker seem to focus on European government for now, and some were actually thankful to learn of the attack. Embarrassment in their failure to act seems to be the only explanation I can think of for the silence around Italy’s response after the a…

  • Anthony Lucas posted a new activity comment 4 months ago

    A new threat for the upcoming holidays has targeted the POS systems of retailers through use of malware. This new attack is known as FastPOS, which is an updated version of the malware attack that was used during the Target breach a couple years ago. FastPOS compromises credit card information directly from the retailer’s system and sends the data…

  • Anthony Lucas posted a new activity comment 4 months ago

    Ruslan,

    You clearly explained differences between block and stream cyphers. Since stream is based on binary, it seems that block is the protection of the stream in a way. With streaming video necessary for areas of government it would make sense that streaming cypher is employed but should have a shroud of block integrated for higher…

  • Anthony Lucas posted a new activity comment 4 months ago

    Menqi
    I think this article is most appropriate to the changing view of cybersecurity and hacking after the election. I think more people took an interest in the subject after all the talk about election hacking and so on. It’s long overdue that the lawmakers take a serious look into stronger encryption and what needs to be done to avoid any…

  • Anthony Lucas posted a new activity comment 4 months, 1 week ago

    Mushima
    Thank you for clarifying so well. I answered this question as well but it is easier to understand when you add an example as you did. I like your sense of history; it shows that encryption is not a modern concept but has been used since ancient times, we just digitized it.

  • Anthony Lucas posted a new activity comment 4 months, 1 week ago

    Your explanation on the differences between symmetric and asymmetric is well done. The use of the symmetric for high volume organizations makes sense to employ because they would have the resources and capacity to handle such data flows and would most likely have more sensitive data. It does seem that both types of encryption need to have a…

  • Anthony Lucas posted a new activity comment 4 months, 1 week ago

    This article defines a vulnerability or blind in the SSL that is allowing cyber attackers to gain access to data and to insert malware or breach an organization’s system through their communication devices. Secure Sockets Layer encryption has been used to provide security and privacy to organizations that are connected to the web; now it is being…

  • Anthony Lucas posted a new activity comment 4 months, 1 week ago

    Diffusion means the order of the plain text should be dispersed in the cipher text. Basically changing a single character of the plain will change many characters of the encrypted text, which will in turn affect every part of the output and will apply to the opposite as well. This method requires more use of the ciphertext to be effective by…

  • Anthony Lucas posted a new activity comment 4 months, 2 weeks ago

    Seunghyun

    This was an interesting article and most applicable because of the election. Cyber-attacks haven’t been discussed in depth other than to put the candidates down, which I think was a watering down of the importance of the subject. The questions you have listed are going to have to be addressed at some point and sooner rather than…

  • Anthony Lucas posted a new activity comment 4 months, 2 weeks ago

    Hackers are taking an almost military approach to gaining access to protected data by using the strategy of “pivoting”. Pivoting is when hackers use a flanking approach to find the least protected routes to gain access to the more protected data they are looking for. They take advantage of the complexities of design by applying the logic that an…

  • Anthony Lucas posted a new activity comment 4 months, 2 weeks ago

    Mushima
    I think you have detailed this process perfectly; documentation is key to tracing the history of the coding. A systematic approach with documentation of the expected metrics provides a baseline to follow in case of a change to the SDLC and could make detection of a possible vulnerability easier to find and correct without a significant…

  • Anthony Lucas posted a new activity comment 4 months, 2 weeks ago

    Stella
    You bring up a very important fact about coding practices, the possibility of theft. Theft is a major concern that coders are constantly trying to prevent and your example of a defense in depth approach is necessary for coders to secure the data. Unsecured coding can be just as much of a risk as the hackers and needs to be addressed at…
