-
Paul M. Dooley commented on the post, Week 4 Questions, on the site 7 years, 10 months ago
Said, I agree with you 100% that the shipping portion is the most vulnerable fraud in the O2C process. This is obviously the area where the person committing the fraud is trying to get the goods purchased by someone else. Without delivery, there is no gain from the actor.
-
Paul M. Dooley commented on the post, Week 3 Questions, on the site 7 years, 10 months ago
In my opinion, while all assertions are of importance, the most critical in reviewing and giving an accurate picture is the accuracy of the data reviewed. Again, as with most controls, humans are the most difficult element to control and with the validity of the information that was entered. If inaccurate data was reviewed the entire picture of…
-
Paul M. Dooley commented on the post, Week 3 Questions, on the site 7 years, 10 months ago
I fortunately have not been a victim of fraud, that I know of. I was never pressured to do fraudulent activities by an employer either. I have however witnessed colleagues committing fraud. I was an outside sales rep and we were to be reimbursed mileage expenses instead of given a company car. There were some controls in place through the SAP…
-
Paul M. Dooley posted a new activity comment 7 years, 10 months ago
The term “acceptable information system security risk” is determined in the risk treatment process which is the fundamental goal of going through the risk assessment and other prerequisites to the risk treatment phase of risk management methodology. This is the idea that after going through the context evaluation and risk assessment phases of…
-
Paul M. Dooley posted a new activity comment 7 years, 10 months ago
COBIT stands for Control Objectives for Information and Related Technology. There are 4 key features of the COBIT framework. It is not reliant on a specific technical platform. The processes and management are focused on the owners of such. It has become the international standard for IT Governance. ITIL stands for IT Infrastructure Library.…
-
Paul M. Dooley posted a new activity comment 7 years, 10 months ago
Paul, you showed some great forethought into the question regarding the maturity of the environment we’re talking about and how detective controls could be more important than preventative controls. I honestly don’t think there is a true “correct” answer to the questions because it always depends on certain variables that we are left to assume. In…
-
Paul M. Dooley posted a new activity comment 7 years, 10 months ago
My apologies, while I was preparing for class and going back to review my comment I could not find it so I will respond again.
I was a business to business sales representative for Verizon which specialized in infrastructure and IT Solutions sales. I was a part of the Automotive and Manufacturing vertical team and dealing with 6 high profile…
-
Paul M. Dooley commented on the post, Week 1 Questions, on the site 7 years, 10 months ago
The control environment affects IT by helping limit the exposure to threats as well as minimizing what they need to review when troubleshooting issues i.e. if a certain application is unavailable for whatever reason. If the end-users were able to install whatever they wanted to it would create a chaotic environment with potential issues coming…
-
Paul M. Dooley commented on the post, Week 1 Questions, on the site 7 years, 10 months ago
Great point guys. Actually, I think the biggest problem is that employees typically do not treat company owned assets the same way they would treat their privately owned assets. Something tells me that if the gentleman in the video who had his car broken into and laptop stolen, if that was his that he had paid for out of pocket it wouldn’t have…
-
Paul M. Dooley posted a new activity comment 7 years, 10 months ago
Risks can be broken down into 2 categories, internal and external. Of those 2 categories of risk that IT systems face, they are 100% of the time business issues while only sometimes (even though a majority of them are) technical in nature.
Some of the internal risks that are faced are users not complying with security policy as outlined in the…
-
Paul M. Dooley commented on the post, Week 1 Questions, on the site 7 years, 10 months ago
The biggest issue that was exaggerated in the video is also what I believe is the biggest vulnerability to any organization, and that would be the end-users. It was very well noted that the end-users not buying into the security policies, as shown in the video by users writing down their passwords and keeping it under their keyboard or better yet…
-
Paul M. Dooley commented on the post, Week 1 Questions, on the site 7 years, 10 months ago
The purpose of IT auditors having some technology understanding is since many of the infrastructure and environments that they will be performing audits on are highly technical it’s good to have an idea of what that environment should look like and the associated components to help identify any gaps in the design that can be called out. I’m sure this…
-
Paul M. Dooley posted a new activity comment 7 years, 10 months ago
Paul, that’s a great point. I’m glad you guys agree with my stance. I think that it’s very easy for people that work in IT to tend to start viewing things as tunnel vision when it’s absolutely critical that they keep an open mind and think outside of the box when analyzing problems or trying to determine where their vulnerabilities may lie. This is…
-
Paul M. Dooley posted a new activity comment 7 years, 10 months ago
At the G20 summit in Hangzhou, China, there are a number of US Senators strongly urging President Obama to open up a dialogue and start on an international action plan to address cyber-security on a global scale with partners. Due to the nature of hackers not having any real geographic boundaries, an international coalition against hackers is an…
-
Paul M. Dooley posted a new activity comment 7 years, 11 months ago
Information security is both a technical problem and a business problem, however, it is not necessarily a mutually exclusive argument. That is to say each individual security related event will always be a business problem, but not all security events will be a technical problem. Security can be compromised by a myriad of internal and external…