Paul M. Dooley

Domain 2: 72%

This is an interesting question. When first thinking about the question at-hand, what’s more important, depth of knowledge in technology, or its impact on the enterprise, my initial reaction would always be to side with the impact on the business. The ultimate goal is always to align with the business vision and create competitive advantages via…[Read more]

Of the 7 “not so good” types of auditors discussed in the article, it’s my opinion that the “faker” would be the worst type of auditor from the auditee’s perspective, if they’re ever able to identify the underlying truth. There are a number of obvious reasons that this could have significant negative impact to the audtiee. The point of the IS/IT…[Read more]

I think the most obvious benefit that the Audit and Assurance profession will realize from the Millennial generation is the comfort and knowledge that they have with technology. They were born into the computer generation and creates a comfort level that doesn’t exist in prior generations where that comfort level has to be learned and as witnessed…[Read more]

VPN is an alternative to what can be very costly private leased lines from a service provider. The VPN technology allows us to leverage best-effort braodband connections while still securing the mission critical traffic and keeping that sensitive information out of others’ hands. While they can still see the data, the encryption makes it…[Read more]

In my experience cost/benefit analysis is always the first analysis done when trying to select a technology for a project. While it may not be hte only one, I do believe that in my experience it carries the most weight. That being said, it does not mean that the cheapest solution is or should normally be selected, however, if there are 2 very…[Read more]

Said, great point. VPN are used to both protect data, but also are commonly used for privacy issues as well. I know on the darkweb VPNs are constantly used to protect the privacy of the end user

I will have to agree with my colleagues that mainframe, by its very nature, is a more secure computing environment than a distributed computing environment. I would add more but I think the 8 responses before mine pretty well summed up the conclusions haha.

Tamer, interesting perspective and I agree it’s important to have the fundamental understanding. Shared resources are critical in the review.

I think the necessity of availablity of data is often times forgotten while the confidentiality and integrity are more often focused on rather than the A in the CIA triad. Availability is absolutely critical and should always be top of mind when analyzing.

Said I completely agree with the others it was a good idea to bring to the forefront some of the limitations or challenges they bring to the table when used. That being said, I think we can all agree that even with the few limitations or disadvantages there’s no question why relational databases are so widely used today.

Ian, interesting perspectives on the recommended controls you brought up. I definitely agree with capacity management. Cloud computing may also address server limitations but opens up an entirely different list of risks, however, off the top of my head I can’t seem to come up with an alternative.

It may not be the responsibility, however, I believe it is best practice to collaborate and discuss action plans that other’s may have used to address similar findings. Any insight that can be provided can bring a huge amount of value to the client which should certainly be a part of goal if you would like repeat business from said client.

I agree. Intimate knowledge of key vertical industries can be a huge help and should be leveraged more. No matter how much you may study and read, there’s nothing quite like having personal experience and real life scenarios to be able to reference and the associated outcomes from different approaches. This should be shared regularly and should…[Read more]

I agree with Deepali’s sentiments here. It is the auditors responsibility to identify and bring to attention any holes in what they are audited, and while it may not be necessary for the auditor to give their input as far as working the action plan to mitigate the identified risks, I think it is critical to have a meaningful dialogue about what…[Read more]

I agree. One of the biggest challenges is employee awareness. That is the first and probably biggest hurdle in creating a secure environment and minimizing the liklihood of any data breaches. I think most of the time it is done without malicious intent, however, as we’ve all seen throughout the semester in real-life examples of breaches,…[Read more]

Explain common SLA issues identified by auditors

Some common concerns is that outsourcing the project or function may be unrealistic due to a number of issues, including that it is too complex. Additionally unclear measurements of service level agreements and performance against those agreements are defined therefor it is impossible to…[Read more]

What controls can be implemented to mitigate the risks associated with outsourcing?

Contracts
Statement of Work
High Level Monitoring
Connectivity and Network Security
Data Security
Project Monitoring and Governance
Compliance with Regulatory Requirements
Benefit Measurement
Customer Satisfaction
Impact on IT Strategy

Source: Class…[Read more]