-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Definitely agree with your examples, especially the software engineer. The engineer may have good intentions, but could still cause damage and other issues. As mentioned above, they may not understand how the software may impact controls that are outside of their purview. Or the software may simply contain errors, which can cause a myriad of…
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
1. What is segregation of duties and why is it a commonly used control? Give an example of two (e.g. IT) roles that should be segregated?
Segregation of duties is a type of internal control that restricts the amount of control any one person has over a specific operation/function to prevent fraud and errors. It essentially breaks up tasks…
-
Joshua Tarlow posted a new activity comment 7 years, 12 months ago
Dyn definitely was the victim of a DDoS attack, but were they also the victim of spear or spam phishing? No question that others were certainly victims because so many connected devices were infected and turned to bots. But Dyn simply suffered from an inundation of traffic from this botnet, which may only be indirectly related to the phishing.…
-
Joshua Tarlow posted a new activity comment 7 years, 12 months ago
Question 3: In the contexts of being attacked by or unwittingly becoming a resource for distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: Spam phishing or Spear phishing?
Spam phishing is a bigger threat to an organization becoming a resource for distributed denial of s…
-
Joshua Tarlow posted a new activity comment 7 years, 12 months ago
“Regulators to Toughen Cybersecurity Standards at Nation’s Biggest Banks”
The article discusses an initial framework that US regulators recently unveiled to address cybersecurity at the nation’s biggest banks. The plan was developed by the Federal Reserve and Federal Deposit Insurance Corp (FDIC) and will target US and foreign banks that operate i…
-
Joshua Tarlow posted a new activity comment 7 years, 12 months ago
Can’t say I’m surprised at all. I remember when I was deployed, I heard from some of those stationed at Bagram that they had to use their SSN when doing laundry. Which involved taking it to a service on the base run by local or third party nationals. I didn’t experience that myself since we had a facility on our base and I could do it myself, but…
-
Joshua Tarlow commented on the post, Weekly Question #9: Complete by November 16, on the site 8 years ago
I’m not sure I could remember one randomly generated password. As you noted 10 is impossible and most recommend not to use the same password more than once. Thought about using a password manager but haven’t gotten around to researching it yet. In my opinion, passwords are terrible for these reasons. Makes sense why many tech companies are…
-
Joshua Tarlow commented on the post, Week 8: Questions, on the site 8 years ago
Definitely AKO, and a huge hassle. I remember that I was one of the few that had access to the computers at our unit because the certifications took so long to get, and then you had to find the one person at brigade who could authorize access. Always seem to use a lot of effort on things of less importance and not those that really need it. Not…
-
Joshua Tarlow commented on the post, Weekly Question #7: Complete by November 10, 2016, on the site 8 years ago
Definitely can relate to some of the systems I worked with while I was in the military. I remember when I was deployed there were some computers that had login information taped onto them in plain sight. Definitely not proper security protocol, but just assumed that someone had just given up or didn’t care.
-
Joshua Tarlow commented on the post, Weekly Question #7: Complete by November 10, 2016, on the site 8 years ago
Couldn’t agree with your comment more. Breaches do lead to reputation damage, but fraud and wrongdoing by a company will inflict much more damage to a company than an external data breach. As noted above, Wells Fargo was impacted by their employees and clearly lacked proper controls. They will likely suffer far greater damage than had it been a…
-
Joshua Tarlow posted a new activity comment 8 years ago
You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
One example that comes to mind is the Veterans Administration. I am currently using the GI Bill to finish graduate school so I n…
-
Joshua Tarlow posted a new activity comment 8 years ago
Reminds me of the episode in the second season of Homeland where one of the characters is assassinated by hacking into his pacemaker. These types of examples seem closer and closer to reality every day.
-
Joshua Tarlow posted a new activity comment 8 years ago
They are definitely being public which can be good or bad depending on what their goal is. First, it’s possible that officials are split on the decision and the articles are a reflection of that. Or, it may be a form of psychological operations. Might be trying to warn the Russian government without actually conducting an attack.
-
Joshua Tarlow posted a new activity comment 8 years ago
“Cashing Out: ATMs Try to Stop Wave of Cyberattacks”
The article discusses the sharp rise in ATM fraud in 2015 and the slow implementation of EMV debit cards. Most financial institutions focused on credit cards and are now only starting to upgrade existing debit cards. Traditional debit cards are vulnerable to an attack known as skimming at…
-
Joshua Tarlow commented on the post, Week 7 Questions, on the site 8 years ago
Sub-contracting can be another important issue to consider when outsourcing. It would be important to know if and whom the contractor might hire. There may be some areas that are sensitive and would not be appropriate to outsource a second time, or the contractor may not be reliable. It would be important to research and find out any…
-
Joshua Tarlow posted a new activity comment 8 years ago
What are the benefits and risks of out-sourcing?
Benefits
* Can save money
* Control expenses
* Access to capabilities not internally available
* Focus on core operations
* Use IT resources on closer to business functions
* Access to first rate software/capabilities
* Share risk
Risks
* Loss of business/institutional…
-
Joshua Tarlow posted a new activity comment 8 years ago
1. Are the terms Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) synonyms or are they different? If they are different, what are the differences?
Although there is some overlap between the two, they are different and not synonyms. A disaster recovery plan is essentially a subset of a business continuity plan. A business…
-
Joshua Tarlow commented on the post, Week 7 Questions, on the site 8 years ago
Absolutely, not understanding accounting terms can prevent an employee from properly using the SAP system. As noted above, our homework cannot be completed without a basic understanding of accounting. For a full time employee using SAP, it is all the more important.
-
Joshua Tarlow commented on the post, Week 7 Questions, on the site 8 years ago
Definitely agree that currency and time zones are important areas to implement controls. Without proper controls for currency, the wrong amount can be linked to the wrong country’s currency, which would corrupt the data and accounting/financial applications. Can either increase or decrease the value depending on the currencies in question. Also,…
-
Joshua Tarlow commented on the post, Week 7 Questions, on the site 8 years ago
Definitely agree. That basic knowledge not only helps them deliver relevant information, but also to know what management is looking for without being given specific items each time. It can allow IT workers to be more efficient and proactive, and not only reactive to senior management.