M. Sarush Faruqi

  • M. Sarush Faruqi posted a new activity comment 6 hours, 31 minutes ago

    Andres,

    Very insightful points. In regards to the RBI regulations, it seems to me that they have to be somewhat rigid and focused on cybersecurity considering how new the concept of internet banking is in India. The brick and mortar model of banks was a trusted source of doing banking for the majority of people in India. There was an…[Read more]

  • M. Sarush Faruqi posted a new activity comment 6 hours, 57 minutes ago

    Stella,

    This is a great example of the vulnerabilities online banking can potentially expose. As far as dormant accounts, why can’t Salvi give the same level of protection to dormant accounts as he does to active accounts? The case talks about how dormant accounts could be used by attackers to get into the system which I agree with but…[Read more]

  • M. Sarush Faruqi posted a new activity comment 7 hours, 14 minutes ago

    Salvi is facing a slew of issues as the Chief Information Security Officer of HDFC Bank. Although these issues vary in type and degree, they pose a challenge to how HDFC is going to attract and retain customers in the banking industry of India in the present and future.
    One of the biggest challenges Salvi faces is establishing a secure online…[Read more]

  • M. Sarush Faruqi posted a new activity comment 6 days, 4 hours ago

    Great points especially on the idea of reputational damage. Often times, an organization can recover from the financial costs of a data breach but is not able to recover from the reputational image it establishes and the loss of trust from its customers. This is a reason why its important to classify data so that proper controls can be put in…[Read more]

  • M. Sarush Faruqi posted a new activity comment 6 days, 6 hours ago

    Great insight everyone. From a responsibility standpoint, different levels of management may view and interpret risk in different ways. Executive management will look at risk from a high level perspective and focus on the overall organization and its long term business objectives This is in contrast to management departments who may approach risk…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 week ago

    Sean,

    Excellent point. I agree with you on the notion that the risk profile should be revisited on regular intervals. Risk is a phenomenon that may seem to have threats and vulnerabilities for an organization at one point in time but may not be a threat at all during other time intervals. It comes down to the mitigation controls the…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 week ago

    Amanda,

    Good explanation of acceptable information security risk. You touch on some very important points. I like your comparison of an organization’s need for security vs the cost it will take to implement measures to protect its information systems. To me, the business environment in which an organization operates in has influence on how…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 week, 1 day ago

    I found an interesting article this week around database attacks on state voter registration systems. The FBI warned state electoral boards to safeguard their voter registration records after two states were targeted as part of cyber attacks. The state systems of Illinois and Arizona were targeted using SQL injection, a script kiddie method for…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 week, 1 day ago

    What is an information risk profile? How is it used? Why is it critical to the success of an organization’s risk management strategies and activities?

    An information risk profile is an evaluation or analysis of an organization’s risks, it’s prioritization of risks (low, medium, high), it’s willingness to takes those risks, and the threats a…[Read more]

  • M. Sarush Faruqi posted a new activity comment 1 week, 6 days ago

    Kevin,

    You make some valid points in your post. While FGDC safeguards would help maintain the validity of the data, ultimately people need to use it to perform some type of action. While I agree that data can be sensitive at times and safeguarding it might be the best option, there is a risk of efficiency being decreased assuming we are…[Read more]

  • Daniel,

    You make some very valid points in your argument. I agree with you on the notion that preventive controls are the most important of the three as they reduce the risk of a breach from occurring at all. As you said, the financial and reputable damages a company would potentially have to go through can set them back significantly. Once a…[Read more]

  • M. Sarush Faruqi posted a new activity comment 2 weeks ago

    Although this article is from last month, it is an interesting read from a data perspective. I found an article about Uber’s plan to invest in customized mapping initiatives. Although Vice President of Uber, Brian Mcclendon won’t give specific amounts in terms of investment, there are reports that it could be about US$5o0 million. The idea behind…[Read more]

  • M. Sarush Faruqi posted a new activity comment 2 weeks ago

    Sean and David,

    I think both of you bring up very valid points in your assessments. I agree that ‘Integrity’ and ‘Availability’ are the two security objectives at risk here. In terms of David’s points regarding ‘guidelines for guidelines’, it seems like there is a lot trust being put into the organizations who originate the data. The assumption…[Read more]

  • M. Sarush Faruqi posted a new activity comment 2 weeks ago

    Anthony,

    I think you made several good points in your post. I agree with your assessment on the notion that some people will either incur some type of loss if the data is disseminated while other people will gain something by having access to the data. As Amanda stated in her comment, the classification of risk when it comes to data is a…[Read more]

  • M. Sarush Faruqi posted a new activity comment 2 weeks, 1 day ago

    What are the 3 types of risk mitigating controls? Which is the most important? Why is it the most important?

    The 3 types of risk mitigating controls are:

    Preventive Controls: Actions or steps taken BEFORE to help mitigate or lessen the risk of an exploitation or error of some type from occurring
    Example of preventive controls would…[Read more]

  • M. Sarush Faruqi posted a new activity comment 2 weeks, 6 days ago

    As cybersecurity continues to be a hot topic in the realms of the business environment, I found an article which highlights how the ‘hidden costs’ of a cyber attack can amount to 90 percent of the total business impact to an organization. The article talks about 14 business impacts categorized as either ‘above the surface’ which are well known…[Read more]

  • M. Sarush Faruqi posted a new activity comment 2 weeks, 6 days ago

    Great points Jaspreet. To add to your analysis, I will say that information security is also the responsibility of the employees who use IT systems extensively on a daily basis. Many times, we think of the business as management and IT as the technical guys. While both sides utilize IT systems, it is the employees who take risks when it comes to…[Read more]

  • M. Sarush Faruqi posted a new activity comment 2 weeks, 6 days ago

    Brock,

    Great point on the acceptance of risk. USB is an essential part of every college student’s life. While options such as the cloud are available, USB is a physical mode of transportation of files which many students prefer. As you said, we are a risk to each other since so many files are passed around at Temple from people of all…[Read more]

  • M. Sarush Faruqi posted a new activity comment 2 weeks, 6 days ago

    I agree with the both of you. In terms of information security being a business problem, I agree that the business decides what level of security they are willing to invest in to make sure their systems are secure. It is up to IT on how to implement information security within the organization. I think the one thing to consider here is that…[Read more]

  • M. Sarush Faruqi posted a new activity comment 3 weeks, 1 day ago

    Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain the nature of the problem in the context(s) you chose.

    In my point of view, information technology is a technical and business problem. In the past, information security was given very little planning, priority,…[Read more]

  • Load More
Skip to toolbar