Binu Anna Eapen

1. Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How?

If I was an outsider and was to attack the order to cash process of an organization I would attack the payment process.
Today the payment options are mor…[Read more]

Yes Ming. It will not tell us if a part was stolen or missed when it is a small number. But by checking the inventory we can know the trend. That is if it is happening regularly, what parts are missing and who was responsible or present at the time when the parts were missing.

Nice way of defining the advantages in terms of CIA concept.

Transport layer: Segments
Network Layer: Packets
Data Link Layer: Frames
Physical Layers: Bits

Ian, rightly said that employees need to have right understanding about the VPN.

One member firm that I worked with used Global protect as VPN for first level of authentication and then needed to connect to remote access using EMUE code which was pretty complicated for most of the non tech savy users because EMUE was to be generated on their…[Read more]

Abhay, As far as I understand transport layer deals with segment and does not determine the size of packet. The packet headers and footers are added in Network layer. Transport layer deals with secure/unsecure transmission.

Yes, rightly said Abhay. The transport layer has the error detection and correction capabilities.

Also the speed related to VPN depends on the network provider the employee is using. VPN is suggested to be used when the office network is not available like if the user is working from home or onsite.

For users working remotely needs to be connected to VPN to update the patches or updates that are pending.

To add to that as VPN hides the location details of the person accessing the network, it is easily used to access the sites which are banned by the government posing as a user from a different country.

The second control you mentioned here helps us in detecting if a fraud happened. It does not really prevent it from happening. If you find that there were only 99 parts and 1 was missing, how will this control to check or stop this from happening.

Yes I agree with Yulun. This type of control will not work in this case as it will create animosity between people and thus creating a very hostile environment. What if a person complains about another person but upon finding out it was found that this person was really not responsible for the theft. This would mean a loss of reputation and lack…[Read more]

Brazilian Hackers are using RDP to spread Xpan Ransomware:

Brazilian cybercriminals are using ransomware as a new means to attack local companies and hospitals. Xpan is a ransomware developed by the organized gang that uses targeted attacks via Remote Desktop Protocol(RDP) to infect systems.
This ransomware checks the systems default…[Read more]

Well said. In the second control, I guess it is better to have at least 50$ in possession rather than having a total 100$ loss. And the chances of it happening also are rare. So can this not be ignored? I mean would you want to increase it to 100$ which might be too costly for most customers.

I agree with you that international shipping is exposed to more risks than domestic shipping because more than one vendor can be involved here. And also it will be time consuming to track the lost packages. The chances of theft is also more. It also involves various costs like international shipping costs, And might have import/export custom…[Read more]

What are the advantages of VPN?
VPN (virtual private network) creates secure connection to another network over the internet. It keeps the connection private, encrypted and anonymous.
1. VPN provides internet anonymity for all the users connected to it by encrypting the data from the computers or other mobile devices before connecting to the…[Read more]

What is OSI model? What’s the main function of each OSI layer?
The Open System Interconnection(OSI) reference model created by International Organization for Standardization(ISO) describes how a data is transmitted across the network. It defines how the network processes function, what the components are in the network and also how the data is t…[Read more]

I agree. One place I worked they gave mobile phone to their employees and the asset management was responsible for issuing and taking back the returned phone once the user left or once they were due for an upgrade. The returned phones were not really tracked or counted as management assumed that it didn’t cost the much to the firm. One of the…[Read more]

2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.’

Firstly I would have a control that would have all parts properly accounted for and the inventories are maintained wel…[Read more]

1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.

Ans: Fraud Triangle also know as Cressey’s hypothesis explains the factors that result in someone committing occupational frauds as pressure, perceived opportunity and rationalization Intersect.

Johnny was w…[Read more]

I like your point about risking the organization’s data. Not only does exposing the OS to vulnerabilities effect the user’s data but also keeps the data of the organization (confidential/ client related/ business) in the hotspot.