Shahla Raei

  • This article is talking about audit management solutions and how the security and risk management leaders can improve productivity and manage the internal auditor’s role by facilitating audit management s […]

  • Shahla Raei posted a new activity comment 2 months, 1 week ago

    Blake,

    Very Interesting topic, and as Sean mentioned to a good point that the trend of data analytics that being outsourced is growing.
    I believe If the data is critical to the company’s business survival, it should be kept in-house. Other analytics can be outsourced.

    I found a related example about your topic online:

    Example is r…[Read more]

  • Shahla Raei posted a new activity comment 2 months, 2 weeks ago

    Nice topic, Unethical behavioral!
    Based on my research, Financial regulation cannot prevent this kind of scandal. Finally it is human nature at the root of this problem. In this case I’ve found out that Wells Fargo had a two-day ethics workshop in 2014 explicitly telling their employees not to create fake customer accounts. However, the…[Read more]

  • Shahla Raei posted a new activity comment 2 months, 3 weeks ago

    Wenlin,

    Interesting topic, Use of AI is not a new concept. AI solutions can be used to improve security across a number of business in financial industries. Organizations rely on AI to trace steps by analyzing the behaviors of transactions and devices. Based on my research I found an article released on December 2016, stating that master card…[Read more]

  • Based on our last week topic I found this website interesting.

    The ACFE (Association of certified fraud examiners). The ACEF is the world’s largest anti-Fraud organization. And providing anti-fraud training t […]

    • Very interesting site for sure. Some of the items listed under the ‘initial detection of occupational fraud’ tab reminds me of a situation my wife encountered. My wife worked for a large credit union; she was the regional manager for the state of New Jersey. One of her branches had an issue which required an immediate audit of the branch. From what I remember, the initial error was not major infraction, however the management was bound by policy and procedures to conduct an internal audit of the branch. Well, during the audit, the regional manager (my wife) discovered that controls were being ignored and procedures were being bypassed. And as luck would have it, the audit uncovered a major act of fraud (attempted on the very day of the impromptu audit!). A teller falsified a ledger from the cash vault and attempted to steal $5000 in $20 bills. In all likelihood, the theft would have been discovered at a later time. However, due to violations in procedures, finding out who committed the fraud and how the theft occurred would have been more challenging then it had to be. Ultimately, surveillance cameras revealed one suspicious movement of the guilty teller which led to the stashed $5,000.

      So, as indicated on the ‘detection’ tab of the website you posted, internal audits can and do lead to exposing fraud.

  • My name is Shahla Raei and I am currently an Internal IT Auditor Intern at Chubb. I am part time student, and will be graduating on June 2017. I am originally from Tehran, Iran. I majored in Computer Software […]

  • Shahla Raei posted a new activity comment 5 months, 2 weeks ago

    This week topic was related to web application security, I found this news related to our topic.

    The websites of seven of India’s embassies were hacked some data pertaining to Indian citizens leaked online by the attackers claiming responsibility. The hackers say they wanted to call attention to the sites’ vulnerabilities.

    Indian embassies…[Read more]

  • Shahla Raei posted a new activity comment 5 months, 2 weeks ago

    Nice! thanks for sharing wells fargo example. and yes I believe that managing identities are common problems.

  • Shahla Raei posted a new activity comment 5 months, 2 weeks ago

    Priya,

    very comprehensive comment on this question, I just wanted to point out the maintenance. keep stand alone application, uptodate is one of the main concerns. Maintenance of web application is much easier than desktop based application, you have to update it on each single computer or platform that its installed.

  • Shahla Raei posted a new activity comment 5 months, 3 weeks ago

    Web application security is much more challenging than desktop based application. With infrastructure you can usually identify the problem.
    – More risks associated with web application than desktop applications. On desktop based and standalone applications you can put more control to protect it from various vulnerabilities. In web application…[Read more]

  • Shahla Raei posted a new activity comment 5 months, 3 weeks ago

    Online Ad Industry Threatened by Security Issues

    In this article mentioned nowadays Cybercriminals are looking for powerful alternatives and now targeting ad industries.
    The online advertising industry is at an inflection point, also ad blockers and potential regulation are considering a risk. It’s facing a big security problem, and associated…[Read more]

  • Shahla Raei posted a new activity comment 5 months, 3 weeks ago

    Yang,

    Correct, I wanted to mention to this week assignment and submitting our presentation. our team come up a solution to help company identify their sensitive information. one of the document we ask them to prepare it for the future meeting was organizational chart. I think this chart is an important chart in an organization and help auditor…[Read more]

  • Shahla Raei posted a new activity comment 5 months, 3 weeks ago

    Neil,

    Its is really an interesting point , and privacy is an important concept, specifically in 21st century, Now a days has become the century of Big Data and Information Technology allows for the storage and processing of big data. so testing the Privacy effectiveness is always matter.

  • Shahla Raei posted a new activity comment 5 months, 3 weeks ago

    Priya,

    Nice categorization, I really learn a lot from your comments, you explained it very well! I think Decision making is the most significant difference between IDM and AM and you covered this point very well.

    Access management system is making decision that if the user currently logged on have right authentication and authorization.

  • Shahla Raei posted a new activity comment 5 months, 3 weeks ago

    Right, Access management dealing with authorization and authentication. I liked your example. as you mentioned knowing the distinction between these two helps the stakeholders in understanding how their interests are protected and implemented by Identity and Access Management technologies

  • Shahla Raei posted a new activity comment 5 months, 3 weeks ago

    Identity management and access management are related to each other, however, they have many differences and distinction between these two are important.
    Identity management deals with the creation and removal of accounts in application and managing access to corporate systems. Such as registration system, when you put your personal information,…[Read more]

  • Shahla Raei posted a new activity comment 6 months ago

    Binu,

    Thank you!
    Yes, people are the weakest link in security chain, employees are the major area of risk for corporate data security due to a lack of knowledge or a lack of strong security policies.

  • Shahla Raei posted a new activity comment 6 months ago

    Mansi,

    Good point, I agree with you it totally depends on nature of business, However outbound traffic is more important in my view, I remember in advisory session we had couple weeks ago, we analyze the case that the problem was in outbound traffic wasn’t protected so there was a main problem on that case.

  • Shahla Raei commented on the post, Week 9 – In The News, on the site ITACS 5206 6 months ago

    I should have read your post before posting my article! it seems this week most of us noticed the DDos attack no east coast and lots of web sites shut down! According to the article we are getting in to serious level of DDOS attack and the internet becomes more vulnerable.

  • Shahla Raei posted a new activity comment 6 months ago

    Fred,

    I think it might be depends on nature of business, if the organization doesn’t want to communicate in industry so blocking all income network is good practice, However, I think in terms of confidentiality we should block or be sensitive about outbound information.

  • Load More
Skip to toolbar