-
Fangzhou Hou created the site Fangzhou Hou 8 years ago
-
Fangzhou Hou's profile was updated 8 years ago
-
Fangzhou Hou commented on the post, Week 3 Questions, on the site 8 years ago
Thanks for sharing the experience Yang Li. When I worked in the China Construction Bank, the customer service system was required update check once a week to make sure the system was the newest version. And just like what you mentioned, most of new employees would informed not to update the system.
-
Fangzhou Hou commented on the post, Week 3 Questions, on the site 8 years ago
Good point in creating the white list and black list. The white list is an effective method in mitigate the risk of attacking, and of cause, the black list can stop the harmful commands before they occur. So in this case, I think the white list and black list can be considered as preventive control.
-
Fangzhou Hou commented on the post, Week 3 Questions, on the site 8 years ago
Yes, I also think it’s important to mention the disadvantage of the DBMS. The cost-benefit analysis is a useful tool for the decision maker of an organization. Indeed, the relational databases can organize the structure of obtained data, however, just like what Said mentioned, the relational databases are usually costly. Therefore, the m…[Read more]
-
Fangzhou Hou commented on the post, Week 3 Questions, on the site 8 years ago
Question: List risks associated with database management systems (DBMS)
Indeed, the database management systems (DBMS) is an organized structure to store data. However, it also stores huge amounts of sensitive information like the employees’ personal identity information (PII), customers’ personal information, and other business data like…[Read more]
-
Fangzhou Hou posted a new activity comment 8 years ago
Question: Key benefits of relational databases vs traditional file system?
Different from traditional file system, the relational databases can collect and store related data with effective structure, which allows database users easier access and research the data. Moreover, following the development of information technology, the amount of…[Read more]
-
Fangzhou Hou posted a new activity comment 8 years ago
Question: What are key characters of relational database management systems?
– Tables: each table includes one or more data categories in columns.
– Row: each row includes a unique instance of data for the categories defined by the columns.
– View: a user of the database could obtain a view of the database that fitted the user’s nee…[Read more] -
Fangzhou Hou posted a new activity comment 8 years ago
Question: What is meant by the term “acceptable information system security risk”? Who within the organization determines what is the acceptable level of information system risk? How does an organization determine what is an acceptable level of risk?
Generally, the acceptable information system security risk includes two situations:
1…[Read more] -
Fangzhou Hou posted a new activity comment 8 years ago
News: “Data-Stealing Malicious Apps Found in Google Play Store.”
According to this article, people today usually underestimate the impact of malicious Apps on smart phone, which has potential risk to steal users’ personal information include some sensitive data like the passwords and credit card numbers. Researchers from Lookout’s Securit…[Read more]
-
Fangzhou Hou commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Good example of the “kickback scheme”. I agree with what you said that the start of the procurement process is the most vulnerable. Indeed, if the employee has relationship with a vendor, he or she might get benefit from it and has potential risk in damaging the interest of the company. However, I was thinking that the decision maker in a com…[Read more]
-
Fangzhou Hou commented on the post, Week 3 Questions, on the site 8 years, 1 month ago
Itotally agree with your opinion Sean. Assertions are very important to creditors and investors in the business. I think a clear and accurate management assertion can really help creditors and investors better understand the industry in real. Moreover, I believe that the assertions are also important to the auditors. For example, if the m…[Read more]
-
Fangzhou Hou posted a new activity comment 8 years, 1 month ago
Question: The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Indeed, the concept of Assertions is important to accountants, but it also important to auditors and Investors. From auditors’ perspective, when they audit the financial statements of a company, it’s important to find out what managemen…[Read more]
-
Fangzhou Hou posted a new activity comment 8 years, 1 month ago
Indeed, identity theft is a serious problem. The article mentioned the bank allowed the employees to access customer’s personal information, which is a potential risk to cause data leak. Actually, my best friend lost over 6K USD couple months ago because someone steal his personal information and use his credit card purchase in different w…[Read more]
-
Fangzhou Hou posted a new activity comment 8 years, 1 month ago
Paul,
I agree with your opinion that which type of control is important really depends on the specific situation. Generally, the preventive control can stop loss before risks actually occurred, however, the preventive control related devices are usually costly. As for a main public corporation with millions of information assets, the preventive…[Read more]
-
Fangzhou Hou posted a new activity comment 8 years, 1 month ago
Alexandra,
Good example about a store manager install security cameras. I do agree with your opinion that the preventive control is most important. However, when management make a decision of controlling, the cost also should be considered. For example, the firewall and other security devices for core servers maybe costly, only use preventive…[Read more]
-
Fangzhou Hou posted a new activity comment 8 years, 1 month ago
“The Ransomware Dilemma: Is Paying Up a Good Idea?”
With the booming development in smart phone industry, personal smart phone is becoming a new approach for attackers to earn money through the ransomware. Different from PC users, smart phone users usually underestimate the importance of protecting themselves from ransomware, some of them don…[Read more]
-
Fangzhou Hou commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
I agree with your point that control framework can minimize the risks and add business value to an organization by establishing effective practices and procedures. According to the expanded COSO cube, objective setting and event identification are effective in enterprise risk management. By setting proper objectives, the entity’s mission can be s…[Read more]
-
Fangzhou Hou commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Yes Magaly, I agree with what you said about monitoring. Indeed, monitoring can enhance the effectiveness of internal controls and mitigate the possibility of risks occur and damage the organization’s assets. But on the other hand, monitoring sometimes are costly and time concerning. Therefore, in my opinion, the management needs to balance the e…[Read more]
-
Fangzhou Hou commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
Hi, Yu Ming, thanks for bring it back about what IT auditors should report, and they are not suppose to answering how to achieve the objectives. Professor Yao also mentioned why IT auditors should not take the responsibility for answering how, it’s because if the suggestions from IT auditors failed or even make it worse, the auditors may lose t…[Read more]
- Load More