Blake D. Koen

  • Brou,

    I agree with your assessment that the biggest IT risk comes from inside the company (or their vendors). Companies should analyze the behaviors of their employees. If everyone normally leaves at 5, but then all of a sudden one employee decides to start staying late all of the time, that can be an indicator that the employee is committing…

  • I believe that this is my third post in a row about fraud. I will look for something else next time.

    In the medical world, unused prescription drugs can be returned by the medical provider to the drug companies […]

  • I realize that many companies have bounty programs, but I always wonder if there has ever been a case where the hacker decided not to report what they found. Some of the people that are hacking them aren’t exactly the most ethical people, so I would not be shocked if this has happened.

  • Blake D. Koen posted a new activity comment 1 week ago

    Darin,

    With all of these smart TVs, cameras, thermostats, refrigerators, etc., I expect that we will be hearing more about these devices being attacked. Everyone wants the convenience, but few people take the time to think about the security of these devices. I think that at minimum, there should be a warning that pops up when consumers are…

  • Blake D. Koen posted a new activity comment 1 week, 3 days ago

    James,

    That old policy is definitely an environment for fraud. I can’t believe that the company would have done things that way. I remember at my parents’ company, they would sometimes end up taking credit cards away from employees for charging personal expenses on the company card. The accounting department would see charges from bars on a…

  • Blake D. Koen posted a new activity comment 1 week, 4 days ago

    James,

    I agree that common users don’t know a lot about the common vulnerabilities. I would recommend that people back up their data to both the cloud and a local backup to help mitigate the risks of ransomware attacks.

    With businesses having so many devices connected to the internet, I feel like they have a lot of vulnerabilities that…

  • I found this to be a great example of what can go wrong without a proper segregation of duties, as well as a lack of controls.

    In this case, the employee saw that the company wasn’t properly securing their […]

  • Blake D. Koen posted a new activity comment 2 weeks, 2 days ago

    These are good suggestions, but I think the problem for most small businesses when it comes to analyzing data is that they just don’t have the resources to deal with big data. In really small businesses, a few people might be handling all of the business tasks, so analyzing data would probably fall through the cracks.

    I think that the advice…

  • I found this article on how confident businesses are with their data analytics. I expected that most respondents wouldn’t know what to do with their data. About half of the respondents in the survey thought their […]

  • Blake D. Koen posted a new activity comment 2 weeks, 3 days ago

    I was wondering if someone would post about this. I find this to be pretty scary, but I’m not shocked.

    I believe that the best thing to do for customers that are concerned about this would be to not connect your smart TV to the internet. The car thing scares me the most. If they were able to take over a car, as your post states, they could do…

  • Blake D. Koen posted a new activity comment 3 weeks, 2 days ago

    Dave,

    The article didn’t go into much detail, but since this person was able to do all of this, I assume that there was no segregation of duties. If there was, as you stated, they wouldn’t be able to get away with doing this for that long.

  • Blake D. Koen posted a new activity comment 3 weeks, 4 days ago

    Dave,
    I agree that people have become numb to credit card fraud. You make a few phone calls, fill out some paperwork, and it’s done.

    I found this article about chip cards preventing fraud. The chip card has made it harder for thieves to use the cards in person, so if this was 1987, the chip would have been effective in eliminating fraud.…

  • Sonja McQuillar, who was the director of Health and Information Management at Northern Children’s Services, told a US district judge about her crimes. To carry out this fraud, McQuillar created fake invoices to […]

  • Blake D. Koen posted a new activity comment 1 month ago

    Dave,

    Thanks for your comment, I too was surprised about the card readers. I don’t think that there is an automated control to mitigate that, but I would have increased outside security to look for people that may be trying to read the access cards. If someone looks out of place, security can remove them from the property or call the…

  • I chose to post this because I think it is important that everyone review their data security. This article illustrates how easy it was for the speaker to get into numerous systems. I was not shocked by […]

  • I agree that companies need to regularly back up their data. However, I think that for a lot of small companies, backing up every day may be too costly or too time consuming. These companies should perform an impact analysis to determine which data needs to be backed up daily, and what can be done at less frequent intervals. This should help ease the…

  • Getting the right people looking at the data is important. If you don’t have the right people looking at the data, what is the point of doing all of the work? You need decision makers and people that have a clear understanding of what the data says to be looking at it, so that it can be your base for making an informed decision.

  • Blake D. Koen posted a new activity comment 1 month, 1 week ago

    Khawlah,

    This post reminds me of the Ed Gelbstein article, Perspectives From a Seasoned Practitioner, that we read for IT Audit Process. (The article can be found at https://www.isaca.org/Journal/archives/2015/Volume-1/Pages/Perspectives-From-a-Seasoned-Practitioner.aspx.) He said that auditors should be:

    • A…..Analytical
    • U..…

  • Big data is a problem for organizations, more specifically, how they should handle it. The article states that in the beginning, the tools to analyze it were not adequate. Eventually the blame was shifted […]

    • I don’t think anybody is surprised that there is a growing trend of data analytics being outsourced. Like many other functions before this, especially IT-related ones, there are a number of reasons to outsource: cut costs, focus on core competencies, lack of resources, etc. I think many businesses are quick to consider outsourcing aspects of their business that they aren’t very knowledgeable in, and that includes a lot of IT functions for most businesses. Since “big data” is still in a stage of its life cycle that leaves a lot to still be learned, it is probably a good business decision for most to outsource that facet of IT to those who are on the leading edge of honing the skills necessary to extract value from that technological capability.

      Your concerns are legitimate concerning data, and more accurately the confidentiality of the data. You mentioned vetting potential service providers, and there are other steps a business can take to protect its assets and mitigate the risks associated with outsourcing its data. A properly done risk assessment can determine what data to outsource and which data to keep in-house. Legal personnel can ensure adequate indemnity clauses are in service contracts to ensure the business is compensated appropriately in the event of any losses from data confidentiality. Those personnel can also ensure the clauses needed to protect the confidentiality of data are included in the service contracts, as well as right to audit clauses to ensure proper controls and policies to ensure that confidentiality is maintained appropriately. Like other instances of outsourcing there are steps a business should take to ensure proper risk assessment and mitigation techniques before moving forward with the decision to do so or not.

    • Blake: this article is right in line with one I posted last week, and I couldn’t agree more. Sean makes a great point, and I originally agreed, but after I thought about it further, I started wondering: these “data companies,” wouldn’t they be the equivalent of buried treasure vs. a bank robbery for criminals? What I mean is, imagine that one of these companies handles this data extracting / reading service for 200 companies (I’ll figure conservatively), how much of a “score” would that be if a criminal were to breach that data company? They would have access to all 200 companies’ sensitive data. So instead of breaching one company for its data (robbing the bank), they can breach one company for 200 companies’ data (buried treasure). In this case, I would say that the risk may very well outweigh the reward. I know there are controls to help mitigate the risk (i.e. strong agreements, insurance, etc.), but how are these companies not more often the target of attacks?

      • Dave,

        You are correct that they would be a big score for hackers and data thieves. I assume that companies would not be outsourcing anything that involves customer financial or health records. I think that they would be outsourcing things like their customer rewards program data, or similar data. That would be an issue if it got out, but not nearly as big as financial or health records. I agree with what Shahla said below, they should not be outsourcing critical data.

    • Blake,

      Very interesting topic, and as Sean mentioned, to a good point, the trend of data analytics being outsourced is growing.
      I believe if the data is critical to the company’s business survival, it should be kept in-house. Other analytics can be outsourced.

      I found a related example about your topic online:

      The example is related to a start-up company that plans to consolidate all the most interesting news around the world into a newspaper. Data would be scraped from news sources and social media as the company’s “product”. This data needs to be analyzed in a timely manner (or real time) to create the news publication. This function is critical for business so it should be kept in-house.

      Such essential data must be close by, accessible and secure.

      The background IT that supports the website could be stored and analyzed in the cloud by an outsourced provider.

      http://www.futureofbusinessandtech.com/business-solutions/big-data-analytics-outsourcing-vs-in-house

    • Hey Blake,

      This was a good article that you posted about. As others have stated, I would be a little wary giving up data to a third party but I guess it depends on what information and what organization I belong to. For example, if metadata pertaining to the actions of a web user needed to be analyzed for marketing purposes then I suppose I would be fine with having a third party analyze the data and offer a recommendation. However, I would not be comfortable providing a third party data pertaining to employees’ salaries or compensation packages to analyze. As Sean has pointed out, a risk assessment is necessary to identify if the data should be provided to a third party or not. If it is appropriate, then the company should take all the necessary precautions, i.e. an SLA, to make sure that the data is not inappropriately used or accessed by unauthorized personnel.
