M. Sarush Faruqi

  • Team,

    Great job on both the audit document and video. I liked how you clearly laid out the planning,execution, and reporting phases of how the audit will be conducted, I also agree with Scott on the notion of the stop lights being an effective way to control the audit. I thought you did a great validating that the different process owners who…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 month ago


    Great work on both the audit document as well as the video. I thought both were very well put together. The video was very detailed and provided me with a visual snapshot of what exactly the team was going to audit. It complemented the document very well.

    The document was also very detailed with appropriate controls to be…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 month ago


    I think you a good job on the audit plan and document. The document was easy to understand and I was able to visualize exactly what types of controls your team would be looking for during the audit. I like the idea of incorporating different controls during the evaluation process. It really made things clear for me as far as what you will…[Read more]

  • Team,

    Excellent job on both the audit plan document as well as the video. Everything flowed together very nicely and I was able to have a good idea of what the audit was going to be about through the video before viewing the document. I think you hit the major points of what an audit should look for an AUP policy. I like the idea of giving…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 month, 1 week ago


    You’re spot on in saying the both DR and BC should be balanced. From the definition Scott gave, it seems like both are complements of each other. I think the emphasis on either DR or BC would depend on the company. If a company is operating in particular conditions where there is larger threat of a natural disaster, it might be…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 month, 1 week ago


    Great post. agree with you on the notion that management must be involved in devising a plan to execute if a disaster were to occur, In my company, we have a business continuity manager who leads all exercises for DR and BC from developing a plan to getting the proper resources and executing a successful test. After the test is…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 month, 1 week ago


    Good points. I have a similar plan as you especially when it comes to saving documents in the cloud with tools such as Dropbox. Although storing things on the cloud might have their own risks, they provide the ease of being able to access your data and documents from anywhere. You mentioned you have another laptop if your primary…[Read more]

  • James,

    Great post. You are absolutely correct in saying that DR and BC require time, money, and resources. In my company, we try and involve our clients in any DR and BC exercises while we test our plans in the event an IT disaster was to occur. Some of the clients like to participate as they get to understand our plan better and be apart of it…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 month, 1 week ago

    Activity: Personal disaster recovery and business continuity plans

    In terms of backing up data, I typically have a copy of all of my documents saved locally to my machine. All of my sensitive data is housed in encrypted in the event that my machine runs into unwanted access. I have a copy of each document in Dropbox where I can access easily…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 month, 1 week ago

    What makes this so complicated and difficult for organizations?

    DR and BC are complicated and difficult for organizations because they are two concepts which most executives do not want to experience in their respective organizations There is so much time and money being spent on avoiding IT disasters that some people forget the fact that it…[Read more]

  • Vu,

    Great points. I think a security breach can be nipped in the butt early if employees are aware of the protocol when an attack does occur within their organization. This was obviously not the case in the iPremier case as everybody was trying to put the fire out using whatever tools they thought would work best. There were no standard…[Read more]

  • Scott,

    Very well said. I agree with you completely. Employees have access to so much information about an organization that they pose the most significant risk to an exploitation of company assets. As we discussed in class the other night, it’s really not a matter of if a security breach will occur but when it will occur. It is employees who…[Read more]

  • Marcus,

    Great post. I found it interesting how you said employees don’t think security is their responsibility. You’re absolutely correct. From my experience, employees have very little interest in learning about security let alone preventing attacks. Security has become a legitimate threat to any organization in the past few years so it isn’t…[Read more]

  • Ariana,

    Great post. I agree with you people are a significant risk to any organization. You are correct in saying that anyone can be fully trained and still make the mistake of opening a phishing email or responding to a message they shouldn’t be responding to in any way. The one thing I’ve seen is that hackers are searching for a new ways to…[Read more]

  • Security education is spoken of often. Why is it important?

    I think when we talk about security, we are talking about securing assets which either belong to a company or a company has the responsibility of securing. Customer information is one of the most sensitive assets which a company is entrusted with when a customer decides to do business…[Read more]

    • Sarush,

      I think you made many really good points, including ongoing education and securing customer information. Currently, because of the tools and information available, it is not if but rather when an attempted breach on your company will occur. Since it is a persistent threat, updates need to be made to the training on a regular basis.…[Read more]

  • Mengqi,

    Well thought out response. I agree with you as well that AWA should continue with its plan to outsource ALCS. You are correct in saying that outsourcing can actually avoid or mitigate some of the risks AWA is facing. It is a smart move for AWA to diversify or spread their risks out through leveraging outsourcing especially considering…[Read more]

  • Marcus,

    I’m on board with you as well that AWA should commence with their outsourcing efforts. As you mentioned, issues such as updating the COBOL systems and addressing the SOX and PCI compliance issues should be addressed before they decide to move any IT operations elsewhere. IT does not seem to be a core function in the entire industry so…[Read more]

  • Jimmy,

    Great response in describing the distinction between risk appetite and risk tolerance. Like Brock, I also found it interesting how you tied money into the risk a company will willing to take. Risk is intact a business concept. Although IT can provide solutions on how to become less vulnerable to threats whether they be implementing in…[Read more]

  • Great réponse everyone. To go off of Ben’s point, the risk of data breaches can most definitely cause risk tolerance levels to go down although many companies will maintain a high appetite. If such a threat does come into fruition, not only will there be financial losses, but the reputational loss can be even bigger. Customer trust can be…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 month, 3 weeks ago

    There are numerous risks that AWA could potentially have to deal with if they were to move forward with their outsouricng initiative of IT.

    IT Risks:

    -Although most of the internally developed applications can be outsourced easily, areas such as sensitivity analysis and crew scheduling are dependent on homegrown applications and could…[Read more]

  • Load More
Skip to toolbar