Mansi Paun

I agree with you completely, Deepali. In addition, the people responsible for general IT controls for an ERP system should know how the system works so that they are aware of the data on the system, it’s criticality and how their work can affect the outcome and availability of the information in the ERP system.

1 Having seen the P2P and O2C processes and their areas susceptible to failure and risks, it is evident that the success of the ERP system greatly depends on users performing different tasks throughout the process. It is possible that non-financial personnel involved with the ERP systems post to accounting records which could be incorrect for a…[Read more]

Loved the detailed explanation, Binu. In addition to the causes you mentioned, EMP could also be caused by geo-magnetic storms. To elaborate further on why Electro Magnetic Pulses are a physical threat,
I’d like to explain the Compton Effect, which is an intense release of electromagnetic energy that causes photons to knock loose electrons in…[Read more]

For an organization having to choose between Denver- Colorado, Miami – Florida, Redlands – California and Tulsa Oklahoma, from a physical security perspective, In my view, the best place to have the data center set up would be at Denver, Colorado. The pros and cons for each of the places are as below :

Miami, Florida – is located in the Hur…[Read more]

Yulun, won’t updating the shipping address as your secret address lead up to you/your company? The address won’t remain secret anymore and you fear getting caught if the original end customer calls customer service to inquire about the order. The company would find out that shipping address has deliberately been falsified. It won’t be long before…[Read more]

You make a good point about being a “fictitious” and fraudulent customer as it is a very real-world situation. Personally, I feel that if the order is not accepted upon delivery, and is sent back to the company, the loss due to effort spent in delivering etc. might be a very small amount. However, I do agree that COD orders can be used in causing…[Read more]

Good thinking, Said – knowing what entity is of value to one self and the company, would make it easier to decide which system and phase of the process should be attacked. If you’re after money or , it would make sense to go with stealing the payment info than going for plain customer info. You made a great point about changing the goods shipped…[Read more]

I second you, Sean. I too am of the opinion that the Finance team should manage collections and not the Sales team.

Apart from the points you mentioned, I’d like to add that the each minute of the sales team’s time should count towards generating sales. Sales team should, in no way, be spending time and effort in chasing customers for…[Read more]

Assuming I’m an outside organization with the goal to cause negative impact to a company’s Order to cash process, below are the ways in which I can cause harm to the sub-processes. The thought process for causing negative impact to each of the sub-processes in the O2C process is as below :

1. Quotation/order entry
=Stealing customer master…[Read more]

Absolutely Andres, while writing the News post, I was thinking the exact same thing. In this week itself, if you see, we have a number of articles that point to Russia’s superior cyber-security capabilities. And these are just the instances that have come to light – can you imagine the number of incidents that would have gone undetected or unreported?

Great answer, Wen Ting. I especially liked the mnemonics you shared. Would you say that a part of the Operating system could be considered as a presentation layer ? A core Network guy I know, seems to refuse to believe that the OS has anything to do with the OSI model.

Great post, Deepali ! You’ve covered all the advantages of VPN very well. Could you tell how VPN provides better bandwidth and efficiency of the network or are you referring to the bandwidth or efficiency being better generally of an organization’s intranet as I was of the opinion that VPN won’t really enhance the bandwidth.

Glad you brought that up, Yang Li. The protocols underlying VPN connections is IPsec or SSL. These protocols provide tamper detection. What this means is that you can’t alter the message without detection as SSL uses Message Authentication Codes. To understand more about how Message Authentication Codes work, you might want to take a look at-…[Read more]

Ian, you brought up a good point about the speeds over VPN being much slower than traditional internet. I agree partly to that view as the technology by itself is not designed such that speed achieved over VPN is slower than the parent connection however the different vpn clients that you use generally have a significant difference in the speeds…[Read more]

Well explained, Priya. I liked that you have mentioned the associated protocols for each layer. I’d like to add that the ARP (Address Resolution Protocol) is also one of the protocols which is used to translate IPv4 or internet layer addresses (OSI layer 3) into link layer or Ethernet MAC addresses (OSI layer 2).

Well put, Yulun. In addition to the point you made about insurance, I’d like to add that shipping costs also could be greater and a tad complicated. Doing business internationally would require working with multiple shipping companies and local vendors for door-to-door delivery as well. Shipping internationally would mean a longer duration to…[Read more]

I Agree, Wenting. Having random inventory checks and segregation of duties should greatly help in reducing fraudulent activities of the sort that Mr.Cash was carrying out. Regarding monitoring controls, however I believe they should be placed only where high worth parts are involved such as an engine or chassis even though these items are large…[Read more]

The OSI, or Open System Interconnection model is a conceptual networking model of how network systems are supposed to communicate to each other. The model breaks down different components of network communication into layers. The model consists of 7 layers :

1) Application layer : This is the layer that the user interacts through.…[Read more]

Q2 What are the advantages of VPN?
A2
A virtual private network, as the name suggests, is a private network that extends across a public network or internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. VPNs can usually increase privacy…[Read more]

That’s interesting, Sean. Thanks for the information on the Amazon case. I agree with your view that considerable thought should be put in before planning and implementing controls. Apart from the monetary aspect, standing in line for 30-40 mins a day for a check would have it’s share of problems. To tackle that problem, may be the company can…[Read more]