-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
This is interesting. I know Apple has more of a process for getting apps “accepted” into their app store. I wonder if it is largely due to security reasons. Stories like this may cause Androids app approval process to become more of a process. Very interesting article.
-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
Right! I don’t know how they are saying that it is just accepted that government data is “fair game”. A couple years ago, I would have guessed that Government data would have been harder to steal that corporate company data. It doesn’t make sense that it is not because the government should have the best security, technology, infrastructure, ect.
-
Ian M. Johnson commented on the post, Week 3 Questions, on the site 7 years, 10 months ago
How about duplication of data? Or would that be included in data consistency? I think data duplication and other inaccurate data is a real problem within large data bases. It causes a waste of storage and it costs money to explore, investigate, and fix these data issues.
-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
According to PCMag, data independence is:
“techniques that allow data to be changed without affecting the applications that process it. There are two kinds of data independence. The first type is data independence for data, which is accomplished in a database management system (DBMS). It allows the database to be structurally changed without…[Read more]
-
Ian M. Johnson commented on the post, Week 3 Questions, on the site 7 years, 10 months ago
Capacity management could be a control the bottleneck issue. Cloud computing could help with the server limitations. I am sure that over the years the equipment has increased in efficiency and decreased in size which helps with some of the issues as well.
-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
What is an information risk profile? How is it used? Why is it critical to the success of an organization’s risk management strategies and activities?
In the article, “Key Elements of an Information Risk Profile”, Isaca defines an information risk profile as: “An information Risk Profile documents the types, amounts and priority of informa…[Read more]
-
Ian M. Johnson commented on the post, Week 3 Questions, on the site 7 years, 10 months ago
What I meant was: “data within a column must be accessible by specifying the table name, the column name, and the value of the primary key of the row. The DBMS must support missing and inapplicable information in a systematic way, distinct from regular values and independent of data type.”
-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
The article I read is about the rising tension between China and the US and what the cybersecurity front had to do with this. From the US’s perspective, China is the “leading suspect” in the largest breach of government-help personal data in US history, stealing 22 million people’ data from the US Office of Personal Management (OPM). The article…[Read more]
-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
List some risk associated with database management systems (DBMS)
• High development costs
• Long development projects
• Large and expensive physical infrastructure
• RDMS are known to resource inefficiency and ineffective distribution
• Facilitate poor performance “bottlenecks” for the user
• Each single server has limits and when those…[Read more] -
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
What are key characters of relational database management systems?
• Data is displayed in tables, columns, and rows.
• Supports missing data in an organized and logical way.
• Supports at least one language
o Languages support data definition operations, data manipulation, constraints, and transaction management.
• Supports logical…[Read more] -
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
I referred to this last week in the News section…
Very scary situation. The government has recently contacted the people affected and provided them a risk response to identity theft. It takes some effort and costs money for the individual! I am sure it costs money on both ends (meaning those affected and the US government).
I find…[Read more]
-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
Fred/Brou,
Yes, there are situations where it costs more to prevent than respond to the risk. However, yes, if your response is to just accept the risk, than it obviously doesn’t cost more. There are situations where it costs more to prevent and respond and vice versa…
My point is yes, it may cost more money to respond but if you can’t…[Read more]
-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
Are the actions that MedSec and the financial firm partnership took legal? I would assume not. Definitely a scary thought. I would be curious to know the amount of cyber attacks that are taken for financial gain. I would also assume that it would be a large number of the total attacks per year. I think with the ability to release things to…[Read more]
-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
That’s a great point. I would argue that there are cyber cases where competitors would absolute attack a competitor for information. Also, in some cases, the competitor happens to be an international entity. I have read about other foreign governments attempting to steal latest designs on US government equipment and assets. Great point and…[Read more]
-
Ian M. Johnson commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 7 years, 10 months ago
Part 3 doesn’t mention the customer. At what point are they involved with this step? Is part 3 more of a recommendation and then it is up to the customer to decide what is within their scope/budget to implement?
-
Ian M. Johnson posted a new activity comment 7 years, 10 months ago
Are there situations that you would use one over the other?
Would you agree that there are certain IT service mgmt. issues that would require ITIL over COBIT? Would it be a waste of resources/overkill to use both in these situations? I only ask bc I read that ITIL concentrates on and offers more detailed guidance when it comes to IT service mgmt.
-
Ian M. Johnson commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 7 years, 10 months ago
For solution development, I agree that the auditor works with the audited in most cases. Do you think that it is the audited or auditor’s responsibility to come up with a plan to fix the problems identified in the audit? Does it depend on each company’s unique situation? Or does it cost more for the auditor to come up with a plan? Does the…[Read more]
-
Ian M. Johnson commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 7 years, 10 months ago
Sean – I agree. I think that the control framework, In the most basic form, is an organizational tool. I think it helps both the company and the auditor from that perspective. In order for the company to completely adopt the framework, the company must completely understand to buy-in and hold its employees accountable.
-
Ian M. Johnson posted a new activity comment 7 years, 11 months ago
The article I read is about how President Barack Obama is set to sign the most substantial piece of cyber security legislation in years. You have heard the “information sharing” topic in the news often. This bill will solve the info sharing issue and is designed to give companies legal cover to share data about cyber attacks with each other and…[Read more]
-
Ian M. Johnson posted a new activity comment 7 years, 11 months ago
What are the 3 types of risk mitigating controls? Which is the most important? Why is it the most important?
The three types of risk mitigating controls are: preventative, detective, and corrective. All three play a significant role in ensuring that the company’s assets are properly secured and accounted for.
The most cost effective…[Read more]
- Load More