-
Fangzhou Hou posted a new activity comment 7 years, 5 months ago
First 50 questions for Quiz 1: 68%
-
Fangzhou Hou wrote a new post on the site MIS5208 Spring 2017 7 years, 6 months ago
Mastercard announced on Thursday the launch of a biometric card that combines chip technology with fingerprints in order to allow consumers to easily authorize financial transactions and verify their identity when […]
-
Fangzhou Hou wrote a new post on the site MIS5208 Spring 2017 7 years, 6 months ago
Many organizations apply cyber threat intelligence (CTI) solely in limited ways that serve the functionality of its namesake — that is, they appropriate all CTI-related operations solely to cybersecurity and IT […]
-
Fangzhou Hou wrote a new post on the site MIS5208 Spring 2017 7 years, 6 months ago
Shadow IT and sanctioned cloud apps are gaining ground in the enterprise. At last count, employees at enterprise-class organizations were using 841 different apps on average, according to Blue Coat Elastica C […]
-
Fangzhou Hou wrote a new post on the site MIS5208 Spring 2017 7 years, 7 months ago
Sixty-one percent of organizations polled in a new survey responded that they’d been hit by a ransomware demand. But, perhaps more troubling was the finding that of those, a third paid the ransom demand. This was […]
-
Fangzhou Hou wrote a new post on the site MIS5208 Spring 2017 7 years, 7 months ago
AudioNet deployed a business intelligence solution that enables it to access data points and visualizations and gain insight into pattern trends in real time.
AudioNet is a National Provider Network that […]
-
Fangzhou Hou wrote a new post on the site MIS5208 Spring 2017 7 years, 7 months ago
A Nuix study of DEFCON pen testers shows that the usual security controls are of little use against a determined intruder. If the methods used by penetration testers to break into a network are any indication, a […]
-
Fangzhou Hou posted a new activity comment 7 years, 8 months ago
Dr. Ed Glebstein, Ph.D. lists and describes in his article “Is There Such a Thing as a Bad Auditor” a number of “Auditor Types” with the intent of helping readers recognize possible weaknesses in themselves.
Which one of these do you consider the worst type from the standpoint of the auditee? Why?
The auditee is the person or group respons…[Read more] -
Fangzhou Hou wrote a new post on the site MIS5208 Spring 2017 7 years, 8 months ago
APT28 is also tracked as Fancy Bear, Pawn Storm, Sofacy, Tsar Team, Strontium and Sednit. The threat actor has been linked to several high-profile attacks aimed at government and other types of organizations […]
-
APT28 is considered to be one of the most sophisticated and successful cyberespionage groups in the world and it frequently uses zero-day exploits—exploits for previously unknown vulnerabilities. The group has been blamed for many hacking operations around the world over the years, and its selection of targets has frequently reflected Russia’s geopolitical interests. Security researchers believe that the group is likely tied to the Russian Military Intelligence Service (GRU).
X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan.It’s not entirely clear how the malware is being distributed because the Bitdefender researchers only obtained the malware sample, not the full attack chain. However, it’s possible a macOS malware downloader dubbed Komplex, found in September, might be involved.
-
-
Fangzhou Hou wrote a new post on the site MIS5208 Spring 2017 7 years, 8 months ago
Cybercrime was big business for fraudsters in 2016 with cybercriminals racking up an estimated £1 billion in damages to companies across the UK. But more than the ever increasing financial and reputational r […]
-
Last year I watched a segment on television, not sure if it was on the news or a nightly show, about ransomware and its prevalence in the healthcare industry. Various hospitals have been the targets of increased ransomware attacks in the past few years. The attackers are focusing their attacks on the hospitals’ records and data with the ransomware. When the attacks take place the hospitals contact the FBI and are often told their only course of action if they want their files decrypted is to pay the entity(s) responsible for the attack and hope they honor the agreement. Since the data and records are so critical to the ability of the hospitals to carry out their functions, the hospitals usually agree to pay the ransom to decrypt their information. Thus far the attackers have honored the exchange, but who knows if that will continue in future attacks; although it would be counter intuitive to not do so and hope future targets pay up as well. The segment closed with the concern that in the future attackers may take over life saving and sustaining hospital equipment hooked up to patients and potentially risk lives in exchange for ransom payments. It will be interesting to see the increase in cyber risk assessment and response due to the changing landscape of attacks and vulnerabilities in the industry.
-
-
Fangzhou Hou wrote a new post on the site MIS5208 Spring 2017 7 years, 8 months ago
Some of the latest cyber attacks seek to steal information using man-in-the-browser (MITB) attacks. These represent a dangerous trend because they circumvent even the strongest authentication techniques by […]
-
Fangzhou Hou posted a new activity comment 7 years, 10 months ago
I totally agree with you that the automatic controls can reduce the human error especially in some basic functions. On the other hand, the automatic controls usually cost less than human controls and also more available. However, since the automatic control do not involve human beings in controlling processes, therefore, it may skip some human…[Read more]
-
Fangzhou Hou posted a new activity comment 7 years, 10 months ago
3. A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
1. Earn Respect Before a Special Request. Life sometimes gets in the way of everything, including work. On occasion you may need to ask your boss for an extra privilege — but it’s best n…[Read more]
-
Fangzhou Hou posted a new activity comment 7 years, 10 months ago
2. In the Real World Control Failures, we’ve reviewed, describe the character of the leaders involved. Is it a root of the control failures?
Within the real world control failure case of the Heartland Payment System company, the company was lacking of monitoring controls, and the management did not consider the reports from the IT d…[Read more]
-
Fangzhou Hou posted a new activity comment 7 years, 10 months ago
1. How much of automated controls should be desired? Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
The automated controls can significantly improve the efficiency of the control, so it should involve in more basic controls to enhance the availability of a control. The…[Read more]
-
Fangzhou Hou wrote a new post on the site Auditing Controls in ERP Systems 7 years, 10 months ago
heartland-real-world-failure
-
Fangzhou Hou posted a new activity comment 7 years, 10 months ago
Exactly, I agree with you Jianhui that the easier version of SAP ERP system can enhance the efficiency in daily operation. More importantly, a friendly used ERP system not only offer the trained employees an easier way to deal the daily business processes, but for the entry level employees, this may help them take less time to learn how to use the…[Read more]
-
Fangzhou Hou posted a new activity comment 7 years, 10 months ago
3. When is the cost of implementing a compliance control higher than the benefit obtained? What should an organization do to ensure efficiency and profitability?
One of the most consistent problems organizations face in the procure-to-pay process is undetected financial leakage. Companies often fail to realize the efficiencies that can be…[Read more]
-
Fangzhou Hou posted a new activity comment 7 years, 10 months ago
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
I think the most attractive factor for the ERP users is whether it is friendly used, which means both entry level users and trained users can easily understand how to use the SAP…[Read more]
-
Fangzhou Hou posted a new activity comment 7 years, 10 months ago
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
From the business concern, what I expect from the SAP ERP system apparently is to offer the assistant to improve the working efficiency and help the decision maker make a better dec…[Read more]
- Load More
Well explained, “Consumers are increasingly experiencing the convenience and security of biometrics,” said Ajay Bhalla, president, enterprise risk and security, MasterCard, in a supporting statement. “Whether unlocking a smartphone or shopping online, the fingerprint is helping to deliver additional convenience and security. It’s not something that can be taken or replicated and will help our cardholders get on with their lives knowing their payments are protected.”
MasterCard trials biometric bankcard with embedded fingerprint reader
Thanks for sharing!
On one hand, the fingerprint is helping to deliver additional convenience and security for us. However, on the flip side, one relatively large drawback for the convenience of the biometric card is that users are currently required to go to a bank branch in order to register and enroll their fingerprint. (Which is then converted into an encrypted digital template that is stored on the card.) Whereas bankcard users are normally mailed both their card and its PIN through the post so there’s no need to go to a branch to register before being able to use the card. We all know most people don’t really take actions to prevent the risk from happening until bad things occur to them. I am just curious to know how many people will actually participate to enroll their fingerprint.