Mansi Paun

Good thinking Binu, I too was of the opinion of putting in monitoring controls through the plant and introducing start of the shift and end of shift inventory checks. Apart from these I can think of having metal detectors or scanners(like the ones at Airport security checks) being used to have the personnel scanned during entry into and exit from…[Read more]

A 1 The Fraud triangle is a model for explaining the factors that result in one committing occupational fraud. It consists of 3 components – Pressure, Opportunity and Rationalization.
In the ‘One piece at a time” video, Johnny Cash goes on to say how he started to work as an Assembly line worker, installing wheels at General Motors in Detro…[Read more]

IoT devices being increasingly used for DDoS attacks

IoT attacks have long been predicted, with plenty of speculation about possible hijacking of home automation and home security devices. Today, attackers tend to be less interested in the victim and the majority wish to hijack a device to add it to a botnet, most of which are used to perform…[Read more]

Q 2 List common control issues associated with operating systems and remediation strategy/plan.
=> Some of the common control issues associated with perating systems and their remediation strategy are listed below:
• User access to shared files and network drives – this could mean giving maximum rights to a user which could lead to una…[Read more]

Very insightful answer, Sean. The point you made about unnecessary services/ protocols running is a very good one as it’s very easy that these go unnoticed. Other option is to use the system configuration utility to get an idea of what unfamiliar or suspicious programs are installed and then take the necessary action to safeguard the system. In…[Read more]

True Magaly, apart from the counter points you stated, using a computer without an OS would make it almost impossible for a large number of users who might not have the specialized skills required to work on that system. The way OSs have built in usability in today’s age, even people who do not have basic education are able to easily work on a…[Read more]

You’re right Binu, that’s the case when we’re talking about the OS on a desktop or laptop thought not for the Server OS. Server OS, even if we donot incur license cost again, the downtime and the rebuild activity will add a sizeable cost over a large server estate. Imagine a remote server OS which isn’t protected and which keeps crashing.…[Read more]

1 Why is it so important to protect operating systems?
The importance of protecting OS can be understood by understanding the impact on an OS that is not protected :
• Potentially allowing unauthorized access – could lead to a compromised system and information integrity due to unauthorized access
• Administrator authority is given to too man…[Read more]

Security challenges in online banking are :

• to have a trustworthy IT system that is not cumbersome to use for a customer –
Banking systems need to be able to strike a balance between being safe and convenient.
• to have the system robust enough to handle the different types of cyber attacks such as phishing, malware, pharming
• to have…[Read more]

Great insight, Binu and well explained. I’d like to point out that apart from the reasons you shared, it makes sense to protect the Operating systems to avoid financial losses as well. Any company’s primary and long term objectives are to make greater profit and lower costs and minimal losses which would eventually translate to higher earnings…[Read more]

You’re partially right when you say that we can’t do nothing about human errors. Since human errors are mostly unintentional, it would be difficult to put a check at every step where human involvement is needed. Also, it might not be feasible to put a person at every step to verify and re-verify the order with the customer as it would probably…[Read more]

I have a slightly different view on which of the sub-processes are more vulnerable to fraud, theft or failure. To me, it seems that the order entry step is prone to more human errors – the customer or the representative can make mistakes in entering the customer data aswell as quantities and the order specification. The payment process is…[Read more]

You’re absolutely right, Sean. It’s hard to limit the competencies to just two as there are other aspects of the role which are equally important. Having a risk awareness mentality is key to the role to spot pitfalls and plan mitigation strategy therefore someone with Accounting and S&D experience would be a great fit as they would already know…[Read more]

Per my understanding, the VPs of Sales & Services, Finance and Production in conjunction with the CTO should be incharge of the Order to Cash process. The entire order to cash process requires personnel involvement of the departments headed by these VPs along with the Specialists that help manage the technology aspect of the process, who report in…[Read more]

Well put, Yulun. I too am impressed with Amazon’s Order to Cash process. However, I would like to add a few points here which are integral to an O2C process –
~ Managing customer Master data – Since the buyers are required to furnish their contact details/delivery address or verify the delivery address while placing an order, it would be rare…[Read more]

In my opinion, the person responsible for the Order to Cash process needs to have –
• Accounting knowledge, and
• Sales & Distribution knowledge

This is because :
• The Order to cash process manages the life-cycle of a sales process
• It consists of the sub-processes of receiving customer orders and processing them.
• Orders are receive…[Read more]

The article I read and would like to share with the class is about the US government mistakenly granting citizenship to 800 immigrants from countries of concern to national security or with high rates of immigration fraud. It was found that the immigrants had used different names or birthdates to apply for citizenship and these discrepancies…[Read more]

Rightly said, Paul. It’s too common to view training employees as a cost or lost productivity and managers often fail to realize the benefits of basic IT security training imparted to employees. And while we say that employees are the weakest link in the IT model of a company, it is also true that sometimes training employees would accomplish the…[Read more]