Patrick J. Wasson

Database is very important for information technology because all of company’s data are stored in several databases and databases become the final target for cybercriminal. So securing database is important for IT auditor. In this chapter, we learned that MySQL interact with other application software, and that authorize privilege to end users and administrators can protect database from being unauthorized access. The two levels maybe administrators level and clients level. For administrators, they should perform regularly data backup, monitoring, and maintaining user accounts. For users, they should keep their password and username securing.

The operating system should be protected because it manages the computer’s memory, processes, and all the software and hardware running on the computer. for the security in database, security can be provided by encrypting PII and sensitive information in the table to column.for the security at server, physical servers and operating systems should be strengthened to protect the database. Network access should be restricted and precautions taken

The reason why we spent so much time discussing this is is because it is important to know the process of the database and operating system level of a database server. The two main levels of security that affect a database server is the administration and clients. Administration has the authority to modify the database server to fit needs, while the clients may make changes tailored to their business. We can ensure both levels are secured through auditing the servers as IT Auditors and using appropriate testing to provide reasonable assurance.

The database contains all the data information, which is equivalent to a bank vault.Protecting the database is very important, and the ultimate goal of the hacker is the important part of the customer information in the database, for example, PII, and credit card information.The two security levels of the database are client level and server level.Among them, server level needs a strong firewall to filter the external network to ensure that the information is properly authorized through SQL access.In addition, strong encryption of passwords can protect the database.

By storing the data in different tables, you can reduce the probability of editing the data. At the same time, for different parts of the data collection, the split table also gives different people different permissions, which is what IT auditors should pay attention to. In order for ERD to work with SQL, we need to create queries for SQL. We can create and insert our data into SQL and edit mySQL delete commands. To design an ERD, you need an outline of the business structure.

The reason we spent so much time talking about this is because DBs hold all the vital information that hackers want to get. They contain all the private and sensitive information that we are trying to secure. the two main levels of security are at the client and server. At the client level it is important that there is a password policy the ensures strong passwords, regular password updates, secure password reset processes, and other security measures like two-factor authentication and CAPTCHA. Also, that administrators are regularly updating and managing the servers with patches and audits. At the server level it is important to physically secure the servers. This includes restricting physical access, backing up data to multiple locations, having power back ups and more.

The reason why we discuss it so much is that it is very important as databases are one of the most valuable asset for the company. The two levels are client level and server level. For client level, we need good password policy and more authentication method. For server level, we need administrators to install updates and patches to make it secure.

I prefer the GUI because I’m more familiar with it.GUI user experience has a relatively mature methodology and specifications. CUI is now linked to new technologies such as AI.Intelligence. It is good, However, the controllable of the software must be taken into account.I like GUI more in this respect.

The graphical user interface (GUI) is simply a way of presenting information to a computer user, who can click, click on visual indicators and ICONS to retrieve information and interact with it. The command line interface (cli) is a text-based user interface for viewing and managing computer files.Even among computer users, the cli is not as popular as the GUI, but it provides faster management of a large number of operating systems.I prefer to use the GUI before class, but now I understand that with a basic command line knowledge, office works faster and easier, which also helps with network connectivity.

I prefer the GUI because it is more familiar and comfortable to my computing experience. The benefits of a graphical user interface is that it creates a more interactive experience for the user. It’s easy to read and manage. A drawback may be that this delays a further understanding in knowing the operation of a computer. That’s where the command line interface comes into play. The benefit of the command line interface helps a user understand the language of the computer and what to type into the system in order for the command to be performed. A drawback of the command line interface is that because it’s a taught skill to use the command line interface, many computer users are not aware of the system within the computer. Understanding the command line is vital to the career of an IT Auditor because it helps to know how to perform commands within the system to help perform a successful audit.

Thanks for contributing to the discussion!!

Thanks for contributing to the discussion!!

I prefer the GUI because it is more interactive and flexible than the CLI and is suitable for beginners. The GUI can use custom options to change the appearance and edit the configuration and is visually intuitive. But the GUI is slower than the CLI, and it requires more memory and is less accurate than the CLI. The CLI, which gives users better control and is faster and better than the GUI, is better for professionals. IT auditors understand that command line can better control system functions and audit them.

I prefer a GUI. I am not familiar with all the commands necessary for a CLI and I find using a mouse to navigate mich easier. GUI’s aste much easier for beginners and are much easier to use for most programs. However, GUI is going to add complexity and can slow down applications. CLI is not as intuitive or easy to use but is very powerful and useful for the users that know how to use them. They allow users to complete very complex tasks. Understanding CLI is important for IT to understand becuase it is the engine that is actually completing the tasks. GUI is just a skin overtop tht makes it easier to use. But it all boils down to CLI.

prefer the graphical user interface, but I think the command line interface is cool after learning. As I researched, the GUI (Graphical User Interface) is a graphics computer. It allows users to interact with electronic devices through graphical icons and visual indicators instead of a text-based user interface. The advantage is that it is easier to use for the public, the disadvantage is that it takes more time to process due to the heavy workload. The CLI (Command Line Interface) is a text-based representation where users can type commands to operate software or devices. It’s more convenient for IT professionals. But some tasks are difficult to accomplish in the command line interface. The reason why understanding the command line is so important to our future IT auditing career is that it is fast, easy, effective, and accurate for IT staff.

I prefer GUI more because I have basically no idea about the different GUI and CLI before this class. The benefits of GUI are convenient to use for beginners which apply to most programs. But the GUI adds complexity and may slow down the application and hard to do a repetitive or batch task. The CLI allows better control and with faster task process for more professionals users which provides better control over system functions and reviews for IT auditors.

I prefer CLI more. For GUI, after each update, the interface might change overtime and there are more useless information on screen for easier access. By using CLI, the same command can be used through multiple version unless they change the basis. The information returned from the console are also more direct. Understanding the command line is so crucial as whatever which interface my client choose for their system, I can use the same command line if their system is base on the same base like Linux, Unix or DOS which will make my work easier.

I think we care about domains because it’s a major avenue of how all devices are interconnected on private and public networks. A domain should be created by a company to help monitor and identify all the various devices on its network. Company devices may have access to sensitive information so the domain enables administrators to set up all devices in a secure way. Private Domain Server Networks provide a tool in keeping outside public users from accessing company computers through the internet. I think this is less of an issue on a home network because inherently a home network has way less users and devices to track, and internet security through a firewall can suffice vs setting up a private domain. I feel like for a straightforward, and very IT Audit applicable, question this was a little more difficult to answer with confidence than I initially expected. We should go over it in class!

I think the reason we need to care about the domain of corporate PCs is that administrators can manage them more easily. The administrator will control the computer and protect company information. Similarly, employees may need to share some documents within the company, for example, they can use a shared drive to get documents. For IT auditors, it’s also important to understand how a company manages its computers and shared drives. For myself, my laptop doesn’t need someone else to control or share drives and document to others, so I don’t have to be on the domain.

Domains stored a company’s resource, and only the company have right to use it. Because many hackers and cybercriminals want to steal company’s resource for the money, protecting domains is very important for a company.
A domain is like a website that allows internet users to access in and use the resource. A company needs domains so that its employees can access same resource to finish their work. But for the personal computers, they are the internet users so they don’t need to be a domain at home.
Domains is a company’s resource. There are many business valuable resource. As a IT auditor, it’s our responsibility to check a client company’s domain is safe or not, and whether its have a good protection to protect company’s resource. For example, if its password system is ok, if company’s users have authentication or authorization for the access control.

We care about domains because its how other computers can be found and seen on a network. It’s okay to not be on a domain at home and not at work because a job will want to see what computers are using their servers. This relates to my future work as an IT Auditor because it demonstrates an understanding how different settings require different standards amongst computer usage. Also, when looking at what computers are on a domain, an IT Auditor may be able to distinguish which computers are from the outside or straight from the company.

Domain provides network administrators with a way to manage and control a large number of PCS. Domains usually consist of computers on the same LAN. Organizations such as companies or schools can manage computers used or provided by the organization through the domain. So at home we don’t need to be on a domain. As an IT auditor, we should focus on computers in every domain in the organization because domains help the organization manage every user in the domain flexibly.

The domain belongs to the company’s work on the network, and the domain can help the company manage the permissions of various accounts.And the domain log can record and monitor account activity.When suspicious activity occurs, the company can quickly identify and resolve the problem.There is no need to use domain at home. We do not need to carry out Segregation of duty at home.Adding a domain name to a company is like installing a camera in the whole company.When IT crimes happen, information can be collected better.In addition, the firewall of the domain can also effectively prevent illegal access.

We care about domains because they are the way that organizations control and secure how users interact with each other and with the rest of the internet. They allow for IT policies and procedures to be enforced on the users and they help to keep unauthorized users from access sensitive information. It is not necessary at home because there are not enough users or resources stored to justify setting one up.

We care about a domain because a domain related to system and management, which is easier and efficiency to assess the system and management of the system. If you have a domain at home, it means that you can assess at home. It is dangerous for the company because other people also can assess in other places based on the weak of security. For an IT auditor, it is important to know the basic IT knowledge on a domain, which helps manage and assess the system.

The idea here is to get to know about the domain, we need it because A domain is a convenience because it allows you to locate resources using a single namespace.NS is the main method to identify hosts on the network. All DNS entries must be in the domain. So, so you need a domain the internal domain and external domain, Even internally, this is very useful. Most companies have only a few externally accessible addresses and many internally accessible addresses.

The domains are important as it can help us to administrate all of the computer under it. It is ok for me to not be on a domain at home as there are not that many devices so that I can configure them all by myself. Also, all of those devices are in my possession and within reach. But for a larger group like companies, it is easier to administrate devices by adding them to the domain so that every device is under company’s control. It is also easier for me as an IT Auditor to audit as I don’t need to audit each individual device.

As an IT Auditor, it’s important to have a base understanding of storage components because it will help to understand where everything is being stored. It’s important to know how back-up/recovery systems work together in holding information. So in the event that a specific file needs to be retrieved, an IT Auditor would know where to search for it.

Storage is an aspect of a PC that has both a Physical AND intrinsic value attached to it, because of the data being stored by any given organization. For many companies, this data can be its most crucial asset like trade secrets and sensitive customer personal information, As IT Auditors we need to know everything about these assets in order to assure their protection, and therefore, learning about the storage component of an organization’s enterprise is very important. We need to understand where and how the data is stored. and how it’s accessed, in order to effectively manage risks and advise on controls that can prevent any type of theft or breach by cybercriminals. We need to understand how data is stored, how often it may be backed up, and everything that may cause a vulnerability to a cyber attack.

As am IT auditor, it is important to understand the diversity of storage component, which can help us have a better understanding of IT systems. When auditors conduct auditing in auditee or companies, they must know what they are checking. If we do not turn on the disk management, we dno’t know the situation about the disks. It is important for the companies to have backups, which can reduce the risk when data lost or disk suffer from physical damage.

Storage components are very important for the IT system, which are used by the computer as a location to store bulk data until it’s required. For an IT auditor, it is a good experience to get IT knowledge. Many people never work in a factory that manufactures hard drives, so it is a good way to know the basic knowledge of storage components. For me, it is the first time to know the storage components, I think that it is very interesting.

For enterprises, the content of storing electronic materials is even more important, and may involve related business secrets such as contracts, independent intellectual property rights, and employee information. We need to understand the structure of the storage hardware. When a part of a company or company file is attacked or lost. The knowledge of these storage hardware is very important when we are targeting vulnerabilities. This is a necessary experience for us to verify problems and vulnerabilities, so storing hardware knowledge is needed. In addition to prevention, companies need to back up some important files for a long time, and be able to recover lost files at any time. The integrity of company data has been protected. IT personnel need to understand how the storage works to maintain the company’s normal business.

As an IT auditor, especially audit hardware devices, we should know whether the company has good devices to work for the company. One reason that leads to data leakage is the computer devices are too old to service the data transaction and cause a series of vulnerabilities. If we know the storage is important for the company and checking the status of storage, we can avoid some potential hardware risks and do a better job.

Thanks for contributing to the discussion!!

Storage components involve the storage security and cost pressures of an organization’s information. As the amount of digital information stored increases, so does the pressure on organizations to increase their storage capacity. After understanding the variety of storage components, we can help organizations improve the functionality and security of their storage solutions and reduce the storage cost for organizations.

Most of what hackers want is the data kept in storage. Therefore understanding storage is vital for IT auditors. With an understanding of the physical and digital components of information, storage is necessary in order to audit how well a company is protecting and accessing the data in the storage.

In my opinion, the importance of understanding storage components is that get understand of where everything is stored, and also important to understand the organization process of the backup/restore system store information together. It’s also important as an IT audit to know that the organization or firms are storing data which might be the most critical Intangible asset, we need to get deep understanding in order to give our advice for effectively manage the risk and can prevent cybercriminals.

The importance of understanding storage is that if my scope of audit contains a defect storage component, I will know if the data can be recovered and the performance of the remaining hard drives. With the variety of storage components that exist in an organization, the data will be saver than before while there will be more element that is needed to be audited.