-
Brou Marie Joelle Alexandra Adje commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Said, both parties are not responsible to develop actions plans. I mean the auditor do not work in collaboration with the customers in all three approaches. In fact, in the management-response approach, instead of developing a mutually agreed-upon solution, the auditors just say what they want and then allow the audit customers to say what they…[Read more]
-
Brou Marie Joelle Alexandra Adje posted a new activity comment 8 years, 1 month ago
Explain the key IT audit phases :
1) Planning: gather enough background information and determine the objectives and scope of the audit.
Audit manager share reasons for audit with the team, which can create preliminary survey and/or contact customer for more information. The audit team also does a risk assessment prior the audit and creates a…[Read more] -
Brou Marie Joelle Alexandra Adje posted a new activity comment 8 years, 1 month ago
Comparing ITIL and COBIT: list some key similarities and difference based on your understanding.
Similarities:
Both are used for it services
Both enable organizations to achieve their key objectives including insuring effective IT governance and controlsDifferences:
COBIT is an it governance model
ITIL is a service management…[Read more] -
Brou Marie Joelle Alexandra Adje posted a new activity comment 8 years, 1 month ago
the 3 types of risk mitigating controls are :
1- Preventive controls : they prevent a loss from occurring.
2-Detective controls : they monitor activities and identify issues. They can ameliorate preventive controls.
3-Corrective controls: they are used after a loss to restore the system to its original state.
In my opinion, the most…[Read more] -
Brou Marie Joelle Alexandra Adje commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 8 years, 1 month ago
I know in the company I worked for, we would put the checks in envelopes and put them in locked drawer if the man. We had cases when check disappear and it was a total hassle to explain it to customers who had to rewrite new checks. That definitely didn’t make the company look good.
-
Brou Marie Joelle Alexandra Adje commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
I dont think that employees lack basic knowledge of IT, because if that was the case they would be working on a computer to begin with. I think it is more about negligence and lack of awareness about the important of information security.
-
Brou Marie Joelle Alexandra Adje commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
Internet reliability is so dangerous. And I dont think there is a way to guarantee that it will always work. I’d think companies should have a “plan b” should the internet connection fail right?
-
Brou Marie Joelle Alexandra Adje commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
What issues did you find out in the video?
This video shows employees’ lack of awareness about information security. For instance at the beginning, the girl, Rebecca mentioned that she doesn’t think they were at risk.
Additionally, there is the problem of physical security. A room that supposedly had important document/information was sup…[Read more] -
Brou Marie Joelle Alexandra Adje commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
How does the control environment affect IT?
Control environment emphasizes on the security of an organization. Per definition it is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. In other words, it sets the tone of an organization. Therefore, it “define” IT fun…[Read more] -
Brou Marie Joelle Alexandra Adje commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
Indeed, without knowledge of technology I do not think auditors can be efficient in their job. Basic IT knowledge should even be mandatory because most organizations use technology for report, to share data, for benchmarking etc… For instance, if an auditor need a specific system in a company they need to be able to clearly convey their needs…[Read more]
-
Brou Marie Joelle Alexandra Adje posted a new activity comment 8 years, 1 month ago
What is the purpose of all auditors having some understanding of technology?
All auditors need to understand technology because it is the “center” of most organizations, nowadays. Rare are organizations that are not paperless. Businesses store data in computers and communicate using technology. Therefore, failing to have a basic knowledge of IT…[Read more]
-
Brou Marie Joelle Alexandra Adje posted a new activity comment 8 years, 1 month ago
What are some current system-related risks that you have experienced in your organization?
In the auto commercial insurance I used to work for, information security was crucial.
Dealers would send us daily a list of their drivers with their name, driver license number and social security number as well as their addresses to do process MVR…[Read more] -
Brou Marie Joelle Alexandra Adje posted a new activity comment 8 years, 1 month ago
The article I chose is about Dropbox and, the lessons learned from the data breach they suffered from, 4 years ago. For those of you who were not aware, in 2012, millions of stolen usernames and passwords were used to successfully access some Dropbox accounts that had crucial information on individuals and businesses.
Following that incident…[Read more]
-
Brou Marie Joelle Alexandra Adje posted a new activity comment 8 years, 1 month ago
Information security is not only a technical problem but also a business issue. It is true that for an organization to be very secure, some software and hardware may be needed to protect the assets of the company. However, as the book (VACCA) mentioned in chapter 1, thinking that information security is only a technical matter is a myth;…[Read more]
-
Brou Marie Joelle Alexandra Adje posted a new activity comment 8 years, 1 month ago
Yulun,
Indeed, gathering data is a crucial step because underwriters rely on this information to accurately price the account. I’m not sure I’m answering your question right but, should previous policy year data be lost, I believe, the insurance company would have to treat every business they had before as new business. However, I’d think that…[Read more]
-
Brou Marie Joelle Alexandra Adje commented on the post, Progress Report for Week Ending, March 22, on the site 8 years, 1 month ago
I absolutely agree with Mansi that SOX laws are in favor of bigger firm, which is very unfair. Small businesses shouldn’t be required a lot of internat control. The reason being that they have a simple organizational structure. In fact, they usually do not have as many business models and department as a big firms like Apple, for example, would…[Read more]
-
Brou Marie Joelle Alexandra Adje commented on the post, Progress Report for Week Ending, March 22, on the site 8 years, 1 month ago
True. I was only focusing on an organization specifically not the industry as a whole. Thanks for your comment.
-
Brou Marie Joelle Alexandra Adje commented on the post, Progress Report for Week Ending, March 22, on the site 8 years, 1 month ago
Reading Yu Ming’s example of Apple being compliant in the USA but not caring about the Foxconn labor commit-suicide rate in China, raised a good question : would you say that a profitability driven company can be unethical?
-
Brou Marie Joelle Alexandra Adje commented on the post, Progress Report for Week Ending, March 15, on the site 8 years, 1 month ago
Well explained Priya. Control environment is all about making an organization secure. I would add to this that control environment also relies on integrity, ethical values and also skills and employees competences. Another example of control mechanisms could be training session for employees. The control environment is other to be efficient should…[Read more]
-
Brou Marie Joelle Alexandra Adje posted a new activity comment 8 years, 1 month ago
Said made a good point here. Temple university system doesn’t seem to be well protected and i’m not sure not all students are aware of the importance of information security. I personally went couple of times to the computer lab and witnessed students watching movies on third party website, shopping or networking on social media. Logically , one…[Read more]
- Load More