-
Blake D. Koen wrote a new post on the site MIS5208 Spring 2017 7 years, 9 months ago
I found this article on how confident businesses are with their data analytics. I expected that most respondents wouldn’t know what to do with their data. About half of the respondents in the survey thought their […]
-
Blake D. Koen posted a new activity comment 7 years, 9 months ago
I was wondering if someone would post about this. I find this to be pretty scary, but i’m not shocked.
I believe that the best thing to do for customers that are concerned about this would be to not connect your smart TV to the internet. The car thing scares me the most. If they were able to take over a car, as your post states, they could do…[Read more]
-
Blake D. Koen posted a new activity comment 7 years, 9 months ago
Dave,
The article didn’t go into much detail, but since this person was able to do all of this, I assume that there was no segregation of duties. If there was, as you stated, they wouldn’t be able to get away with doing this for that long.
-
Blake D. Koen posted a new activity comment 7 years, 9 months ago
Dave,
I agree that people have become numb to credit card fraud. You make a few phone calls, fill out some paperwork, and it’s done.I found this article about chip cards preventing fraud. The chip card has made it harder for thieves to use the cards in person, so if this was 1987, the chip would have been effective in eliminating fraud.…[Read more]
-
Blake D. Koen wrote a new post on the site MIS5208 Spring 2017 7 years, 9 months ago
Sonja McQuillar, who was the director of Health and Information Management at Northern Children’s Services, told a US district judge about her crimes. To carry out this fraud, McQuillar created fake invoices to […]
-
Blake D. Koen posted a new activity comment 7 years, 9 months ago
Dave,
Thanks for your comment, I too was surprised about the card readers. I don’t think that there is an automated control to mitigate that, but I would have increased outside security to look for people that may be trying to read the access cards. If someone looks out of place, security can remove them from the property or call the…[Read more]
-
Blake D. Koen wrote a new post on the site MIS5208 Spring 2017 7 years, 9 months ago
I chose to post this because I think it is important that everyone review their data security. This article illustrates how easy it was for the speaker to get into numerous systems. I was not shocked by […]
-
Blake D. Koen commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 7 years, 9 months ago
I agree that companies need to regularly back up their data. However, I think that for a lot of small companies, backing up everyday may be too costly or too time consuming. These companies should preform an impact analysis to determine which data needs to be backup daily, and what can be done at less frequent intervals. This should help ease the…[Read more]
-
Blake D. Koen commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 7 years, 9 months ago
Getting the right people looking at the data is important. If you don’t have the right people looking at the data, what is the point of doing all of the work? You need decision makers and people that have a clear understanding of what the data says to be looking at it, so that it can be your base for making an informed decision.
-
Blake D. Koen posted a new activity comment 7 years, 9 months ago
Khawlah,
This post reminds of the Ed Gelbstein article, Perspectives From a Seasoned Practitioner, that we read for IT Audit Process (The article can be found at https://www.isaca.org/Journal/archives/2015/Volume-1/Pages/Perspectives-From-a-Seasoned-Practitioner.aspx.) He said that auditor should be:
• A…..Analytical
• U..…[Read more] -
Blake D. Koen commented on the post, Is Outsourcing The Key To Data Analytics Success?, on the site 7 years, 9 months ago
Dave,
You are correct that they would be a big score for hackers and data thieves. I assume that companies would not be outsourcing anything that involves customer financial or health records. I think that they would be outsourcing things like their customer rewards program data, or similar data. That would be an issue if it got out, but not…[Read more]
-
Blake D. Koen wrote a new post on the site MIS5208 Spring 2017 7 years, 9 months ago
Big data is a problem for organizations, more specifically, how they should handle it. The article states that in the beginning, the tools to analyze it were not adequate. Eventually the blame was shifted […]
-
I don’t think anybody is surprised that there is a growing trend of data analytics being outsourced. Like many other functions, especially IT related, before this there are a number of reasons why to outsource; cut costs, focus on core competencies, lack of resources, etc.. I think many businesses are quick to consider outsourcing aspects of its business that it isn’t very knowledgeable in, and that includes a lot of IT functions for most businesses. Since “big data” is still in a stage of its life cycle that leaves a lot to still be learned it is probably a good business decision for most to make to outsource that facet of IT to those who are on the leading edge of honing the skills necessary to extract value from that technological capability.
Your concerns are legitimate concerning data, and more accurately the confidentiality of the data. You mentioned vetting potential service providers, and there are other steps a business can take to protect its assets and mitigate the risks associated with outsourcing its data. A properly done risk assessment can determine what data to outsource and which data to keep in-house. Legal personnel can ensure adequate indemnity clauses are in service contracts to ensure the business is compensated appropriately in the event of any losses from data confidentiality. Those personnel can also ensure the clauses needed to protect the confidentiality of data are included in the service contracts, as well as right to audit clauses to ensure proper controls and policies to ensure that confidentiality is maintained appropriately. Like other instances of outsourcing there are steps a business should take to ensure proper risk assessment and mitigation techniques before moving forward with the decision to do so or not.
-
Blake: this article is right in line with one I posted last week, and I couldn’t agree more. Sean makes a great point, and I originally agreed, but after I thought about it further, I started wondering: these “data companies,” wouldn’t they be the equivalent to buried treasure vs a bank robbery for criminals? What I mean is, imagine that one of these companies handles this data extracting / reading service for 200 companies (I’ll figure conservatively), how much of “score” would that be if a criminal were to breach that data company? They would have access to all 200 companies’ sensitive data. So instead of breaching one company for its data (robbing the bank), they can breach one company for 200 companies’ data (buried treasure). In this case, I would say that the risk may very well out-weigh the reward. I know there are controls to help mitigate the risk (i.e. strong agreements, insurance, etc.), but how are these companies not more often the target of attacks?
-
Dave,
You are correct that they would be a big score for hackers and data thieves. I assume that companies would not be outsourcing anything that involves customer financial or health records. I think that they would be outsourcing things like their customer rewards program data, or similar data. That would be an issue if it got out, but not nearly as big as financial or health records. I agree with Shahla said below, they should not be outsourcing critical data.
-
-
Blake,
Very Interesting topic, and as Sean mentioned to a good point that the trend of data analytics that being outsourced is growing.
I believe If the data is critical to the company’s business survival, it should be kept in-house. Other analytics can be outsourced.I found a related example about your topic online:
Example is related to a start up company that plans to consolidate all the most interesting news around the word into a newspaper. Data would be scraped from news sources and social media as the company’s ” product”. This data need to be analyzed in a timely manner ( or real time) to create the news publication. This function is critical for business so it should be kept in-house..
Such essential data must be close by, accessible and secure.
The background IT that supports the website could be stored and analyzed in the cloud by an outsourced provider.
http://www.futureofbusinessandtech.com/business-solutions/big-data-analytics-outsourcing-vs-in-house
-
Hey Blake,
This was a good article that you posted about. As others have stated, I would be a little wary giving up data to a third party but I guess it depends on what information and what organization I belong too. For example, if metadata pertaining to the actions of a web user needed to be analyzed for marketing purposes then I suppose I would be fine with having a third part analyze the data and offer a recommendation. However, I would not be comfortable providing a third party data pertaining to employees’ salaries or compensation packages to analyze. As Sean has pointed out, a risk assessment is necessary to identify if the data should be provided to a third party or not. If it is appropriate, then the company should take all the necessary precautions, i.e. an SLA, to make sure that the data is not inappropriately used or accessed by unauthorized personnel.
-
-
Blake D. Koen posted a new activity comment 7 years, 9 months ago
I too think that the well connected is a bad type of auditor. Initially I thought that it may not be that bad, but when I thought more about it, I changed my mind. How could someone be independent when they may have been given the job as a favor to an executive? I think that would be very hard, especially if they don’t have previous audit…[Read more]
-
Blake D. Koen posted a new activity comment 7 years, 9 months ago
Sean,
I agree that you could make the argument the other way. I was thinking that when they are considering a new system or app, they would have the knowledge of the product being considered. I believe that if you don’t have a good handle on the impact, you may not have a business to worry about for much longer. That is why I have rated the…[Read more]
-
Blake D. Koen posted a new activity comment 7 years, 9 months ago
One of the best ways that millennials will impact the audit and assurance profession is with their knowledge of IT. Younger generations have an advantage that older generations did not have- they grew up with technology. They have seen technology change rapidly from when they were young to where they are now. When new programs, apps or platforms…[Read more]
-
Blake D. Koen commented on the post, Creating a strong password leads less fraud, on the site 7 years, 9 months ago
What I find amazing about this is that even though we all know that not creating strong passwords is a huge risk, everyone continues to use weak practices. People seem to use the same email and password for everything, including their bank and social media accounts. Once someone gets the email/ password combination, they can easily try it out at…[Read more]
-
Blake D. Koen wrote a new post on the site MIS5208 Spring 2017 7 years, 9 months ago
While I was reading this article, all I could think about was how this could lead to an opportunity for giant mistakes to be made. At one point, the company had over 800 projects going on. How can anyone […]
-
Blake D. Koen posted a new activity comment 7 years, 10 months ago
Dave,
Great point on the fraud culture. Maybe people feel that since the charge shows up on the credit card listing a transaction and the cost, that they don’t need a receipt. A hotel charge could appear on the card, but that would not include any money that was spent at the hotel bar, and therefore employees may try to hide spending that is…[Read more]
-
Blake D. Koen posted a new activity comment 7 years, 10 months ago
Technology has advanced a lot over the years, and it is continuing to advanced. From the room sized computers of the 50’s to the cloud based options of today. IT professionals have to be up to date as technology changes. Newer technologies can help the business increase productivity, efficiency and ultimately the profits of the business. In a…[Read more]
-
Blake D. Koen commented on the post, Progress Report for Week Ending, September 22, on the site 7 years, 10 months ago
Said,
I like your suggestion about checking to see if something is legit, but in order for your suggestion to work, the CEO has to create an environment where employees feel comfortable calling them. Also, it not be feasible for a large company, as you need the CEO to focus on their job responsibility. I would recommend setting up a system…[Read more]
- Load More