Priya Prasad Pataskar

3. Controls are important to financial and accounting processes. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
The controls will definitely vary based on the company geographical extent
1. Time zone – The timezone that the multinational firm will have to c…[Read more]

I believe that personnel in IT must definitely have knowledge in accounting and finance. As Sean pointed out, to understand what can go wrong in a system, first we have to understand the system and business is. ERP is so well integrated with business processes and the controls are the driving factor for a well managed ERP, an person handling ERP…[Read more]

The attacks on iCloud especially for celebrity accounts has been on rise. Hackers confess it is a easy hack and can be done by finding out the email address behind the icloud account. Hackers find a target to exploit and can find purported email accounts. Hackers use the Apple’s create account page to guess email address used. While creating new…[Read more]

Great explanation Paul. As you mentioned companies should consider the Business Continuity aspect especially when protection against EMP can done only with a little additional cost. The concept of underground data centers and using shields or cabinets made out of EMP resistant special materials is great.
Experts also mention he risk is not high…[Read more]

Great post Vaibhav. I strongly agree with the 3rd risk you mentioned. In case of failure of IT systems what can be done? Do you think a temporary manual system can work? You mentioned about access being blocked due to not functioning of card readers. In this case should the company be prepared to open the doors without the access readers? Is it…[Read more]

Well explained Niel. I agree with you that Denver could be the best choice. To add to your points I would say that Denver has good temperature balance to host a data center. Experts say that cooling management is the most difficult and costly to handle. Average yearly temperatures in Denver ranges from 64 F highest to 36 F lowest.

I agree with you Alexandra that Miami should not be considered as an option.
Miami is the second most humid city in the US. The servers need the relative humidity in the air to be around 45-55%. If humidity levels rise, water condensation occurs which results in hardware corrosion and component failure. In Miami, additional cost would be…[Read more]

Adding mitigation for risks in PHYSBITS:
-Dependencies for maintenance activities of both the systems must be minimum.
-As far as possible the reporting structures of physical and IT securities must be considered to resolve the dependencies that can be avoided.
-Segregate authorization levels depending on locations, the assigned rights must…[Read more]

Physical Security Bridge to IT Security is a standard approach for enabling integration of physical and IT security. PHYSBITS provides a architecture for managing and monitoring physical and IT security systems by bridging both securities. There could be risks in using Physbits,
1. Implementation will be complex and time consuming. IT would be…[Read more]

I agree guys. A company cannot do much if a buyer is fraudulent, Generally a company would take following steps to resolve collection
1. Talk to buyer
2. Register Complaint internally and follow up
3. If problem isn’t resolved they would take help of the law
That is what ebay’s collection policy says “We don’t provide mediation, collect…[Read more]

Good point Magaly. I would also think a vendor or a person who visits warehouse to load and unload the materials, as a outsider to the organization. In addition to cyber attacks an outsider can get physical access to the confidential areas of the company if access levels are not controlled. Having physical security measures like CCTV cameras, door…[Read more]

Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How
As a fraudulent customer, one can try to wreck the order process
1. Providing incorrect details on purpose – address, bank account details
2. Deliberate return of…[Read more]

Great point Paul. If the ordering process is lengthy or complicated or system is down, it will impact the process at a primitive stage. In case of online shopping the volume of traffic the servers can handle must be correctly predicted. The system must be available at all times. If a customer finds that the site is slow, the chances of that…[Read more]

Yulun, the attacks you mentioned would fall under cyber security attacks on the software system of the company. The hacker in some way would pose either as a customer or would exploit the customer’s software interface to launch an attack.
I think it is very important for the company to ensure secure software by conducting penetration testing or…[Read more]

Great points Sean. Alexandra, this is not always true but, I think Sales comes into picture when Finance department might need help to understand why the payment is not happening from the customers side. Sales department has a connection with customer. If he relationship is healthy, sales department can also give a friendly call to customer asking…[Read more]

Who in an organization should care more about the collections process – Finance or Sales? Explain

IT should be the responsibility of the Fiance department to track receivables, highlight in case of issues and ensure the payment is complete. In case the Finance department is getting no response from customer then Sales department can help. T…[Read more]

I agree with Said and Yu Ming.
Yes I have read about Apple denying to unlock some iphones. The question that we should look at is, what would happen to the data once it is shared. The attacks are always organized and well planned. However the security system should also be well organized. If an attack is determined before the launch, while it is…[Read more]

A medical office in Texas was attacked by multiple burglars who stole 5 laptops. One of the laptop contained confidential patient data which was not encrypted. Data like medical records numbers, diagnosis, admission and discharge details, date of birth, address, SSN, medicare and medicaid numbers is at stake. The StartCare Health System has now…[Read more]

Great article Paul. This points out that Privacy laws change depending on the government rules. I think a whatsapp user in Germany or anywhere else in the world must restrict the parent company from having access to sensitive data.
I know that whatsapp started encrypting messages only from April this year, until then it was only clear text. So…[Read more]

That is bad news. Thanks for sharing. I believe hackers can attack ios and launch zero day attacks as they are able to jailbreak into the phones. Once hackers get root access they can easily bypass security in the OS. With this they are able to run a shell code, find kernels base address and execute a code in kernel to launch the attack.