Abhay V Kshirsagar

Wenlin,

Good job categorizing the layers further. And you are right about the reliability provided by the Data Link layer. I think it is important to have an extra layer of assurance that the data is transmitted correctly, in the right order and according to the protocol requirements. If there is an error in any of the other layers, Data Link…[Read more]

What is OSI model? What’s the main function of each OSI layer?

OSI models can be used not just to understand how computer networks work but also how two computers communicate with each other. OSI model explains from user experience to all the way down to the electrical signals travelling in wires, and it does this in form of different l…[Read more]

NEWS: “Leaked NSA Hacking Tools Were ‘Mistakenly’ Left By An Agent On A Remote Server”

The Shadow Brokers, a hacking group published leaked data including hacking tools that were made to inject malware into various servers and also leaked “best files” of some sophisticated “cyber weapons” and put them on sale for 1 million bitcoins. The Shadow…[Read more]

Work Cited

https://www.cognizant.com/InsightsWhitepapers/Mobile-Banking-Security-Challenges-Solutions-codex898.pdf

Bose, Indranil, HDFC BANK: SECURING ONLINE BANKING

What are the issues of security that are unique to online banking in India?

I think Neil did a great job in explaining the issues pertaining to e-banking in India. Let me turn the focus a little bit towards the issues faced specifically by the mobile banking in India.

The chief information security officer, Salvi’s mandate was to ensure that…[Read more]

Yang,

I meant in the context of an user, a hardware will be useless if there is no medium to communicate with the machine. And that’s where the importance of OS and the UI comes into the picture.

Thanks!

Hi Yang,

From my experience, user account passwords have to be requested from the help-desk. And I think the group that performs user access management duties has to create/reset/delete user profiles.

Sean,

I think you raise a good point about how it is very important for organizations to have relationships with their key operating system and application vendors to facilitate release and distribution of product security patches on time.

Yu Ming,

I agree with your patch management point. Just to add on that, I think timing is important too. Especially, for the security updates, they should be done in a timely manner and must be made in a controlled and predictable way. If the patch application process is organized and controlled, the system may drift from the compliance with…[Read more]

Annamarie,

Great post! I was wondering if you have a password policy asking users to have upper * lower case characters, etc. As the passwords become more complex for the users, don’t you think it will increase the number of calls to the help desk for “I forgot my password” requests?

This was one of the challenges for the password policy…[Read more]

List common control issues associated with operating systems and remediation strategy/plan.
The security controls depend on the configuration of the system and the sensitivity of data that is processed in the system.
The control issues are:

> Improper user access permissions
Remedy: Creating different user groups to define user privileges…[Read more]

Binu,

I agree with your point of open ports. It essential to close those ports since unused services are usually left with default configurations that are using default passwords and can be exploited to distribute unwanted content.

Why is so important to protect operating systems?

Importance of operating systems:

The operating system is more important than the hardware. The OS not only manages a computer’s tasks but also optimizes the performance. When several tasks are running at the same time and trying to access the CPU, memory and storage, OS then organizes the…[Read more]

Deepali,

In addition to what you mentioned, I think ship-to-address and bill-to-address are also very important. I have had incidents in the past, when the item was shipped on to bill-to-address.

Mansi,

I strongly agree that understanding of life-cycle of a sales process is something a person responsible for O2C must know. In addition to the goals that you mentioned I think the person should also be focused on achieving wide goals by improving process to bring best possible business solutions for the company.

I meant fraud* and not theft.

Binu,

In between quotation and provision of goods processes, I think there lies a process of Credit Management, which is also vulnerable to theft. Credit Management is ensuring customer is credit worthy and credit can be extended to the customer. The credit approval process must be multilayered, so that no one personnel should be able to…[Read more]

As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?

The only company after Amazon that has a great OTC process that I can think of is Flip Kart, which is a direct competitor of Amazon in India.

The process is as follo…[Read more]

Thank you for providing the example. It does appear that preventive controls weren’t at place at that organization that led to waste of company resources.

Did you ever bring it up to the concerned personnel?