Liang Yao

There are different data leakage prevention related controls a company can implement. More to discussion in information security session.

That’t exactly the reason why we need OS….

And don’t forget the resilience piece…very important. In addition, how about physical access to the computers, whether servers or desktops?

can patch remediate the risk caused by “zero day” attack?

Sean – how about this recent news from CBS:

“US military uses 8-inch floppy disks to coordinate nuclear force operations”

Your thoughts?

That’s why it’s imperative to develop a disaster recovery plan. We will cover DR and how to audit DR plan soon.

Sean, indeed, one of the very important tasks for IT auditors is to verify technology policies are adherences. In this case, what do you think a firm should do in addition to develop a malware related IT policy? Let’s discuss during the class. Thx.

What cause the “blue scree of death”?

A lot good points, just one correction, OS is a software, facilitate the communication between applications and computer hardware components. Itself doesn’t include hardware part.

This follow up question is for ALL of you: In your opinion, which OS is easier to protect, a Mainframe computer or Distributed computer environment (e.g windows and Unix/Linux) and why?

Correct, one area IT auditor should always review is the IT team’s education, experience and training program.

Prepare to discuss controls should be in place to mitigate those risks…

What’s another important reason to maintaining currency of a database system?

Deepali – Thanks for bring in the real life example. However, the sample you brought up is rather from human aspect not a data corruption issue. We can discuss during the class.

Good point. We will discuss data recovery strategy in a few weeks.

Actually RDMS is a type of DBMS. It’s based on relationship among tables.

Data duplication can be reduced via a process called Normalization. We will discuss during the class.

You brought up several important subjects here: authentication vs. authorization; protecting data at rest, data in use and data in transition. Those are things concern IT auditors. We will discuss on Wednesday.

Database Administrator (DBA) and database developer are two different roles and we will discuss during the class.

RDMS has built in mechanism to handle concurrent access; it also has the security feature to assign different types of access; usually a database consists a lot of objects, including a lot of tables, access can be granted to those objects.