-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
COBIT vs ITIL
COBIT is for IT GRC and Management, whereas ITIL is a framework for IT Service Delivery.
COBIT offers control objectives at a broad level guiding enterprises on the implementation, operation and improvement of their arrangements that are related to enterprise IT governance. ITIL framework should be seen as a way to manage the…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Explain the key IT audit phases.
What are the key activities within each phase?
Following are the stages of an Audit with their key activities:
1) Planning
– Determine what you plan to review
– Set up an audit team
– Determine objectives and scope of the audit
– Audit manager provides the audit team with key contacts for the…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
“Can your device survive a USB power surge attack? 95% of all devices with USB ports can’t” usbkill.com.
The Hong Kong based company developed USB Kill 2.0 for the companies to test their systems against devastating USB power surge attacks that are capable of killing its host almost instantly. There are strict data security policies follow…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Rightly pointed out, Amanda. I too believe that it all comes down to human behavior. Even though an organization implements the highest security standards, if the employees are ignorant and are putting passwords on sticky notes, then there is very little standards and policies can do.
In my internship experience, even a top level executive had…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Yu Ming,
Yes, and in addition to training and workshops, I firmly believe that there has to be a mechanism in place that checks if the training is updated, and in order to keep the employees updated, there should be a half-yearly or even quarterly security workshop set up by the IT team.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Haozhu,
I strongly agree with you. There is a need for managers to proactively include information security in their risk management plan and make sure it is aligned with the organization’s objectives.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Yulun,
Great post! It reminded me about an incident that happened in one of the dorms at Temple University. As you know, students living in dorms have access to use “TURESNET,” which is Temple’s own network for its dorm students. One of the students had connected his Xbox or Playstation onto the network and he got into an argument with…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Amanda,
This sounds like a POS Malware that also affected Hutton Hotel on September 4th. After Hutton Hotel, Noble Hotel and now Kimpton, it looks like POS has gained popularity.
As I mentioned in my post, I believe that one of the reasons could also be that the risk associated for the attacker is low and rewards are more. Even back in 2014,…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
INCIDENT: It is required by all businesses that handle cardholder information to comply with PCI-DSS, which is Payment Card Industry Data Security Standard. Despite implementing PCI-DSS, Hutton Hotel’s payment processor notified a possible breach compromising their customer’s credit card information.
According to the breach notification,…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Deepali,
The last risk of using unknown thumb drives occurred during my bachelor's. It is so easy for an attacker to place a malicious flash drive on a table, and the possibility of someone picking it up and using it is more because who doesn’t like free storage? The issue is that the attackers are very smart and computer users are not sophisticated users.
-
Abhay V Kshirsagar commented on the post, Progress Report for Week Ending, March 22, on the site 8 years, 1 month ago
Thank you for clearing it out for us.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Binu,
That’s a good point that you have raised about understanding the technology in order to not get duped. I was thinking this in a different scenario where there is an insider threat, an employee, in an organization who is purposefully showing resistance to an auditor for gains. Thus, understanding of technology does help here as well.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Information security primarily being just a technical problem is indeed a myth. It all dials down to human behavior. The core security issue is that the computers were created without a thought to security and the computer users are unsophisticated but the people breaching security are very smart.
The role of IT from being in the basement as an…
-
Abhay V Kshirsagar commented on the post, Progress Report for Week Ending, March 22, on the site 8 years, 1 month ago
Mansi,
In addition to the higher costs incurred by the smaller companies, I think it also demoralizes the risk taking attitude among the public companies in America. But having said that, I believe that since the repercussions related to Enron, Worldcom, etc. were significantly large and protecting the investors became a task of utmost…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Paul,
You correctly said that executives need to set a “tone” in an organization. Since you have already got some internship experience as an IT Auditor, I was wondering if you ever experienced any resistance from any level management employee(s) for the newer control policies? If yes, how did you bring change in their attitudes?
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Binu,
I was just wondering, was this laptop change a part of a control policy to make sure all the users always have updated hardware? Because a vendor lease can always be extended. So, I was just wondering the reason behind this process unless there are any hardware issues with the machine.
-
Abhay V Kshirsagar commented on the post, Progress Report for Week Ending, March 15, on the site 8 years, 1 month ago
Yu Ming,
Although SOX has been found to improve market liquidity, for smaller public entities there is a high cost of compliance associated that burdens them. It also demoralizes risk taking in the US’s public entities, which reduces the competitiveness in the market.
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Annamarie,
My firm had the same issue that you raised in your post of the employees opening unsecured emails. That is how one of the employees in the Brazil branch had infected his machine with ransomware. Our solution was to implement strict rules onto the Outlook server and additionally implement an anti-spam software solution; it was…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
Week One YouTube Video:
This video was an eye opener for employees who are not properly trained in basic information technology controls and are unaware of the consequences associated with mistakes that can expose an organization to numerable risks.
The firm shown in the video was exposed to machine theft (not locking the door of the…
-
Abhay V Kshirsagar posted a new activity comment 8 years, 1 month ago
What is the purpose of all auditors having some understanding of technology?
I believe that understanding the purpose of the existence of a particular technology in an organization and its effects on different business processes that go through different business functions is important. This knowledge can then help auditors deploy appropriate…