Ming Hu

Primary key is an efficient way for indexing, since it’s unique, just like our TU id, authorized people can search one by typing his/her TU id into the system. Also, first name or last name could be used for indexing as well, but it not as efficient as TU id, since it is not unique, for example, if you type “David”, maybe more than one result appears.

Great answer, I think one of other benefits is that traditional file system is kind of manual process within which human errors is a high risk, while database is kind of automated process within which could greatly mitigate the risks caused by human.

Q: List risks associated with database management systems (DBMS)

Legitimate privilege abuse – users may abuse legitimate database privileges for unauthorized purposes
Database injection attacks – SQL injections and NoSQL injections
Malware
Storage media exposure
Exploitation of vulnerable databases – it generally takes organizations months…[Read more]

Q: Key benefits of relational databases vs traditional file system?

It’s easier for user to understand and implement
It’s easier to convert from other database structures
it’s easier to implement projection and join operations
It’s easier to create new relations for applications
It’s easier to implement access controls over sensitive…[Read more]

Q: What are key characters of relational database management systems?

Using of primary keys
Avoiding of data redundancy – the use of “normalization” rules
Constraining data input – specify what sort of data a database column is allowed to contain
Using of SQL
Convertibility – data can be transferred between relational database systems…[Read more]

I totally agree with you. Since the relational database are designed to grant permissions on a table or a column and are not well designed to restrict access to a subset of rows in a table, one user with privileges on a table is able to read every row in the table, if that table consists of sensitive data, such as password, well, that’s really a big risk

Good example, and I think with that unique primary key, it’s would be more easier to search for specific values by the use of indexing, like through social security number, authorities can easily look up your criminal records, your background, etc.

The term “acceptable information system security risk” reminds me of one of other terms – “risk appetite”, Risk appetite is the amount of risk, on a comprehensive level, that an entity is willing to accept in pursuit of value. The risk falls into the range of “risk appetite” could be deemed as “acceptable information system security risk”, that is…[Read more]

I don’t agree with you. Maybe you are right that without recording accurate information, even all the business events are recorded they do not reflect much value. But without recording complete information, even all the business events are recorded still may lead to fraud, failures, theft, etc. Just look at WorldCom, by removing some existing…[Read more]

Q: The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?

Assertions are not only important to accountants, but also to auditors. Qualified auditors are engaged to examine the financial statements, including related disclosures produced by management, to give their professional opinion on whether those sta…[Read more]

I think that it is. Assertions are important to those people, groups or organizations who need these assertions to make decisions, take actions. As you said, investors decide whether to invest in, bank decide whether to loan to, suppliers decide whether to collaborate with, etc, all based on assertions.

I agree with you, and I believe that each of them is very, very important, but we should focus more on the word “most”, not the “important”. So I think that we need a comparison standard to draw our conclusion.

Great answer, I remember one of our professors said before, the effective way to reduce human errors is using automated controls for replacing manual controls. From real-world view, those human involvements are more likely to make mistakes, no matter intentionally or unintentionally, especially compared to automated processes.

Q: In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?

The several dimensions of Management Assertions we talked about are as follows:
Occurrence
Existence
Timing
Completeness
Accuracy
Valuation
Rights
Summarization
Presentation

As for me, each of them is very…[Read more]

Thanks for your sharing, your reason looks like that one organization can’t live without corrective controls, so that’s the most important, well, organizations can’t live without preventive controls and detective controls as well, does that mean all of them are the most important? It’s not convincing.

But I do agree with you that the balance of…[Read more]

“Millions of iOS Users Install Adware From Third-Party App Store”

The article I’m interested in is about adware on iOS. Even though Apple has a rigorous verification process in place to ensure that malicious applications are not published on its official app store, millions of iOS users still can’t free from malicious apps which would not only…[Read more]

Thanks for your sharing. Risk assessment is a very important component, evaluates the risks identified gives your unique perspective on the IT organization. Assesses the framework and process IT has embedded within the function to assess and manage risks. Evaluates the actions taken to mitigate risks and the level of accountability within the process.