Haozhu Huang

This is a news called “FBI denies denies claims of Apple ID hack”. In this news, it talks about the hackers have stolen more than 1 million iPhones and iPads information and post more than 12 million IDs. And this claimed had been viewed 370,000times in less than 24 hours.
After I read this news, I have to think about how important about the inf…[Read more]

I agree with Mengxue, Information security is a technical and a business problem. Information security problem such as data breach will cost company not only just economic loss, but also the company reputation. You said Information hard to control and protect due to people can accesses it. It is very clearly to show company managers should pay…[Read more]

I agree with Mengxue, Information security is a techical and a business probelm. Information security problem such as dara breach will cost company not only just economic loss, but also the company reputation. You said Information hard to control and protect due to people can accesses it. It is very clearly to show company managers should pay more…[Read more]

Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain the nature of the problem in the context(s) you chose.

Information security is a business and a technical problem. Organization must solve the information security due to it will cause many internal problems, such…[Read more]

I agree with Shukla. Simply to say, the quantitative information security risk analysis is use mathematical and statistical way to figure out the potential risk of information of a business process. and the example is very clearly to show the risk and the loss. And I more think that this analysis is like a expect of loss, and the result will show…[Read more]

I agree with Binue that think about the information security is a ethical issue. In fact, employees following the company framewor is like government staff fllowing the country rules, And under a complete system, there has a lot of rules to limit the staffs in order to decline the sefaty of a company. Employees may disclosure of confidential…[Read more]

I agree with Shahle, In the company security link, there has a lot of ways to protect the informationa safety by computer programs and employees. Like Vacca said in Computer and Information Security Handbook “Security is not an IT problem, it is a business problem.” IT problem can sloved by computer, but business problem need to slove by money and…[Read more]

I agree with you. Actually, i`m noticed that manager`s attitude of this video. However, you are right about the the sort of attitude of the manager let the weak control environment. Company should pay more attention to the training of their employees including those managers.

I agree with you. For me, I more think a control environment is like to set up some rules to help company improve the ability of management. And a good framework will totally help every aspects of organization.

I agree with you. The video show us some basic situations about information security in a company. Those situation is not a very big thing but always happened in an organization. And it will cause some big issue in the future.

I agree with you, However, I`m not sure about the employees rarely scan anti-virus detection software and browse insecure websites due to I known some of the anti-virus detection software is unsafely, it will steal the information, I more think about that company can support the anti-virus detection software to their employees, which is more safety.

Q4 Week One You-Tube Video: What issues did you identify from this video?

The issues in this video is the company employees did not understand the importance of the company and their own security information and equipment. Some example is they leave to open the equipment room door, which everyone can take the stuff without any register. Another…[Read more]

Q3 What is the purpose of all auditors having some understanding of technology?

Auditor job is carefully to check everything about business. In other words, the purpose of an auditor in an organization is accuracy and minimum error rate. Nowadays, organizations use computer system, such as ERP, and internet to do business and control the…[Read more]

Q2 How does the control environment affect IT?

The environment control is achieved based on the organization`s policy, procedures and efficacy. Control environment is affect IT due it can establishment rules in an origination. Employees following the rule. As a result, Control environment will create a reliability IT processes and support a IT…[Read more]

Q1 What are some current system-related risks that you have experienced in your organization?

I don’t have too much working experience, but I still known some system-related risks such as the leakage of company information by employees use their own company or external internet. Also, thumb drives are unsafely due to its easy will bring virus t…[Read more]

I agree with you Walsh, Control environment is not hard to understand the definition. For me, i would like to think control environment is set the rule in an organization. And it connect to many aspects like Wenli Zhou and Annamarie Filippone mentioned before including business structure, corporate culture, values, operating style, human…[Read more]

this is question 4: In your own words, how would you define a control environment?

I agree with Kochhar about control environment.

Actually, after i ready your answer, I more think about what is the requirements of the control environment. Perhaps, if company need to control environment, CPA should pay more attention to the management under the supervision of integrity and ethical culture, and try to prevent or detect the…[Read more]

I agree with Zhou`s thought. SOX is not just a law, it protect those investors who unfamiliar with company that they want to invest large loans. SOX is like a bridge to connect with shareholders and investors.

I agree with your thought, I believe that compliance means conforming to a rule and profitability means company more attention to increase the revenue and decrease the cost. The interests rate example is a very good example to show that both profitability and compliance is not exclusive but support each other.