Priya Prasad Pataskar

Advantages of VPN
1. The main purpose of VPN is to have a secure connection which can be connected remotely over a Internet Protocol Security.
2. VPN offers higher level of security as the VPN needs authorized access to connect to the network.
3. VPN is comparatively low cost than any other configuration to remote connect over secure link.
4.…[Read more]

Ian, you have stated an important point regarding mobile devices connecting to VPN. Currently not all mobile OS have a VPN built-in client (only Android and ios provide built-in). Mobile devices do not have an open VPN protocol which is disappointing. Companies must provide a software application to launch VPN client via mobiles devices. If one…[Read more]

Great post Daniel. I agree with you that the level of security an organization can achieve using VPN with a decent cost is great. However it must be ensured that the service provider for the Internet via which the network is connected must have minimal downtime and good connectivity. Otherwise the day to day business work will be impacted.

Great point Ian, VPN may slow down the speed. About having experienced employees having encryption knowledge holds true only to a person who is setting up the VPN. For a user, it is just another level of authentication they need to provide.
I have experienced that companies prefer the employees to directly connect to servers rather than saving…[Read more]

Along with security VPN provides access to remote systems. This helps connect to systems even when you are not physically present serving the important component, availability.

OSI is an ISO developed networking model determines how data moves between networks. The data travels through the 7 layers of OSI model and is governed by a protocol of data is packaged and sent to the next layer.
Physical layer – Electronic Connection – This layer defines how raw data travels in forms of bits and bytes in form of electronic…[Read more]

Great discussion everyone.
After reading the posts I would say that combination of controls is a good idea.
Lets say employees ave to wait for long security or bag search,
Solution – Have a sample check at random and on random days.

Security cameras- If employees feel they have been constantly under surveillance and if that affects…[Read more]

Very apt Binu.
I would also like to add that employee physical access log system can be in place. In this example, when Mr Cash was stealing big auto parts that could not have been carried in lunch box, he might have come with his friends at odd hours. A access record would be a great control here .

I would also like to add that the company should consider the geographical conditions to where the shipment will be delivered. If there is extreme change in climate of where product is made and where the shipment is suppose to reach may damage the product. Also the conditions while transporting goods must be favorable for the products and must be…[Read more]

Great point Deepali. In addition to the control you mentioned I think division of duties is important. Mr Cash should not have access to all parts of all the cars. Employees could be distributed on basis of which parts they handle. The shift timings could be adjusted to ensure employees do not have access to everything,
Also development of an…[Read more]

1. Using the Fraud Triangle analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to Fraud.

The Fraud traingle has 3 compements
1. PESSURE to commit fraud
2. OPPOURTUNITY to commit fraud
3. RATIONALIZATION to the commit fraud

One piece at a time is a beautiful elucidate of the fraud triangle. Thi…[Read more]

Q] List common control issues associated with operating systems and remediation strategy/plan.
A] OS has to provide a confidentiality, integrity and availability to the system. OS security may be approached in many ways, including adherence to the following:
– Unauthorized access to the system – OS can have different users accessing different…[Read more]

Q] Why is so important to protect operating systems?
A] Operating system is the backbone of computer. It handles Memory Management,Processor Management, Device Management, File Management, Security, Control over system performance, Job accounting, Error detecting aids, Coordination between other software and users. The security of OS has…[Read more]

Joshua you brought up 2 great points,One, internal risks can increase external risks- this is absolutely true. A employee using unauthorized software has potential of ip breaches and malware entering the organization. Data retention policy must be followed rigorously. Classification of data for internal entities to clearly understand how to handle…[Read more]

Denial of Service is more of a network based attack. A distributed DOS can cause more harm. In DDos an attacker may make use of the vulnerabilities in your system to use your system to launch further attack by sending huge chunks of data from your system.
Along with great firewall, good and up to date antivirus, keeping track of email and spam…[Read more]

Great explanation Daniel. In case of open source operating systems it becomes easy to to insert malicious code in OS using those applications. A study of more than 2.5 million apps last year found that 97% of malware targeted Android.
[http://www.makeuseof.com/tag/secure-mobile-operating-system/]

Mengxue, thanks for sharing this news. You have brought up an interesting question here. What is the purpose of hackers exploiting identity theft?
Mainly that happens not for a direct monitory gain. A person may steal personal information to get details of your personal life that can be used while committing a bigger fraud.
Another reason is…[Read more]

You summarized it well Magaly. Great point about a strategy not being one-size-fits-all approach. I think the basic issues remain the same but the ways to implement them become different for organizations dependent upon the business operations, geographical location, the core business function and different cultures where the business is…[Read more]

There is another issue that is brought up in the case regarding server implementation, the issue of implementing secure framework within a short time and the cost required to do so.
With cloud The cloud model offered by RSA would take about 9 months while online model would take 15 months. With cloud HDFC Bank could opt for pay-by-use pricing,…[Read more]

Rightly pointed out Alexandra. Customer relationship management experience will definitely help.
I also agree with Wenlin that the knowledge of business is utmost important. without understanding how business works. A person has to understand how a business works to detect if anything has gone wrong in the O2C process.