-
Priya Prasad Pataskar posted a new activity comment 7 years, 11 months ago
Great point about conflict of interest. I agree with you.
Separation of duties is a fundamental principle of many regulatory mandates such as Sarbanes-Oxley and the Gramm-Leach-Bliley Act. SOD is an internal control requirement focusing on 2 primary objectives:
1. prevention of conflict of interest
2. detection of control failures that include… -
Priya Prasad Pataskar posted a new activity comment 7 years, 11 months ago
Nuclear Plant Impacted by Malicious Hack
International Atomic Energy Agency declared that the German-based plant was hit by a cyber attack. The plant was disrupted in the last 2-3 years. The plant was not shut down completely but we can imagine the consequences of nuclear threats. It was a disruptive attack which means the attackers were able to… -
Priya Prasad Pataskar posted a new activity comment 7 years, 11 months ago
That must definitely be troublesome. What do you think is a solution for this?
Basically, ERP software must grey out the text boxes where data cannot be entered; they should not be editable if the access does not allow editing.
I think organizations should maintain Access Control Lists and must hand out a copy to respective individuals defining… -
Priya Prasad Pataskar posted a new activity comment 7 years, 11 months ago
Great points Ming Hu. I would like to add to your list.
A person responsible for security must be a good observer and must take active interest in learning about each and every process in the organization. Organization’s functions are so closely bound and interdependent that a person responsible for security must be a scholar in the… -
Priya Prasad Pataskar posted a new activity comment 7 years, 11 months ago
1. What is segregation of duties and why is it a commonly used control? Give an example of two (e.g. IT) roles that should be segregated?
Segregation of duties results in the most important function, protection of company assets.
Purpose – Basically it prevents internal fraud and errors. To ensure that there is control over a process separation is d… -
Priya Prasad Pataskar posted a new activity comment 7 years, 11 months ago
Interesting you mentioned about IAM in cloud, Alexandra. It is definitely much more complex than a normal environment.
Users can connect to any application from any place and from any device. This distributed structure of cloud applications increases the complexity of managing user identities. Users struggle with password management while IT is… -
Priya Prasad Pataskar posted a new activity comment 7 years, 11 months ago
Great example Paul.
You mentioned how granting access depends on 4 functions. Similarly the 4 functions can be applied when there is change in access and termination of access.
An employee, let's say Frank, moves from marketing team to IT team, his access will have changes. If Frank leaves the company his access must be terminated.
IAM enables… -
Priya Prasad Pataskar wrote a new post on the site Auditing Controls in ERP Systems 7 years, 11 months ago
mirant-corporate-fraud-case_priya-pataskar
-
Priya Prasad Pataskar posted a new activity comment 7 years, 12 months ago
http://www.databreachtoday.com/2-million-hipaa-penalty-after-patient-data-exposed-on-web-a-9465
In Feb 2012 St Joseph Health reported that their electronic records containing PHI were publicly accessible from Feb 1 2011 to Feb 13 2012.
These records were stored at a server with default settings, default password that allowed anyone to access… -
Priya Prasad Pataskar posted a new activity comment 7 years, 12 months ago
How would you determine if an organization’s network capacity is adequate or inadequate? What impacts could be expected if a portion of an organization’s network capacity is inadequate?
Network capacity must be able to meet service-level agreement (SLA) targets of delay, jitter, loss, and availability. SLA requirements for a traffic class can be…
-
Priya Prasad Pataskar posted a new activity comment 7 years, 12 months ago
1. Do you believe business rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
I believe the company as a whole and board might be more concerned and focused on overall security in the network. From ERP perspective, the ERP managers would focus more…
-
Priya Prasad Pataskar commented on the post, Week 8: Questions, on the site 8 years ago
Binu, I would say having a password management tool is better than having similar passwords for all accounts. This is a fact that people will use similar passwords or phrases or same passwords for various applications making it easy for hackers to guess credentials for all accounts.
In comparison a password management tool would use high level… -
Priya Prasad Pataskar posted a new activity comment 8 years ago
I have been through the same. I had in fact audited a team who used to have 120 applications and security policies made them change passwords every 15 days. Now that is a serious issue. Password management tools are an option but that software is at risk too.
I came across many articles which speak about passwordless security and I stand with them.… -
Priya Prasad Pataskar commented on the post, Week 8: Questions, on the site 8 years ago
I think companies focus on both. Since network security and frauds are spoken more about and get quick media attention they are more focused. The constantly growing network related frauds tend to get more attention of security team. In my opinion, if the team members of security team are focused on network security and giving it more importance,…
-
Priya Prasad Pataskar commented on the post, Week 8: Questions, on the site 8 years ago
Good points Alexandra and Mansi. From SAP point of view multiple periods can be kept open for posting. However, to prevent fraud it is recommended only one posting period must be open. Special periods are thus provided for closing postings during the period-end closing.
Posting periods can be bound by company codes that can… -
Priya Prasad Pataskar posted a new activity comment 8 years ago
Hacking Beyond Software and Applications!
Security researchers have been figuring out hacking techniques that do not restrict to only operating system or applications, but break through the actual machine. They are trying techniques to exploit the hardware behavior by targeting the actual electricity signals that comprise bits of data in computer…
-
Priya Prasad Pataskar posted a new activity comment 8 years ago
BCP stands for the planning of Business Continuity and DR is actions taken to recover from a disastrous event to bring business back to continuity after an event of calamity or failure. BCP leads to DR.
Business Continuity Planning-
1. It is a blueprint of a plan if an incident occurs. BCP identifies the parameters of DR. BCP defines a plan in… -
Priya Prasad Pataskar commented on the post, Week 7 Questions, on the site 8 years ago
I agree with your points in this entire discussion. The domain and business knowledge is necessary for systematic execution of IT functions in ERP. This knowledge can only be obtained by experiencing the business processes thoroughly. More than training, knowledge transfer sessions, shadowing a senior will be more helpful to get accustomed to the…
-
Priya Prasad Pataskar commented on the post, Week 7 Questions, on the site 8 years ago
Many non-financial functions have the capacity to direct the smooth functioning of the business. As a member of finance team I would ensure that the investment in procurement of raw materials is appropriate. As part of accounting team I would also ensure the correct credit check is done before the order is approved, so that the order will be place…
-
Priya Prasad Pataskar commented on the post, Week 7 Questions, on the site 8 years ago
I agree with you Deepali. What background knowledge is required depends on the business process the person is handling. I every business will have its own processes and tools, application and transfer of knowledge will be easy if the basics are clear.
ex. It will be easy for a recently hired project manager who to handle FICO if he was…