Priya Prasad Pataskar

Customer data collection and updation is indeed an important process. Check can be made when order is placed. The customer details in order must be mapped to customer master data. If not a new record must be created. Good quality of customer data must be verified.
There must be mandatory fields in customer data and if a record is modified, there…[Read more]

To add to your point Alexandra, Apple Pay would have its own vulnerabilities and potential to fraud.
So many applications are target to hackers. Eventually, Apple Pay will have bank or credit account details stored.

Yu Ming,

You mentioned about the order on-the-go process and its interesting. Does DD ask you for the time of pick up in the application while you place the order?
The staff at DD also must be simultaneously working on in restaurant customers and they should have the knowledge of which order should get priority. If in their O2C process a time…[Read more]

Great point Fred. The competency to stakeholders success is very important. Attention to detail while performing each activity like checking the sales order, checking the quotation correctness, verifying customer data is important.

Q] Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
A]
Order to Cash process has multiple potential processes vulnerable to fraud. I believe the preparation of sales order is the most vulnerable one. This document collects data from all ends, customer, product,…[Read more]

Absolutely correct Ian and Alexandra.
Operating systems deals with memory management. It decides which process will get memory at what time.Trojan or virus affects the systems once they are picked up by the operating system and placed in RAM to be executed.
A memory protection key mechanism divides physical memory up into blocks of a particular…[Read more]

3. What are the challenges faced by Salvi?
The Indian customers had reliable trust with offline banking and when internet was on rise online banking systems attracted customers for the comfortable nature of online banking. But considering legacy systems and paper work it was not easy to transfer online banking that too with security.…[Read more]

I had read this news earlier and that time Yahoo had not accepted that the data has been breached. They said they were investigating. The news I read dated back to Aug 2nd. Prior to publishing the news, Motherboard, has tested 5000 records and they had claimed that not all but few accounts were accessible. And the accounts which were not…[Read more]

Your smart cars are at risk!
While electronic accessories and smart cars add leisure in cars it also increases security issues.
Are you an owner of Audi or Volkswagen? What is the issue?
Volkswagen, Audi, Seat, Skoda key less cars produced over the last 20 years are vulnerable to hack attacks due to cryptography keys. The car manufacturers are…[Read more]

Great answer Deepali. As we are talking about startups, there will be two major factors that company has to keep account of one is expenditure on risk mitigation and two establishing of security framework.
The risk profile will help the startup understand the picture from broader perspective and help management in creating awareness.
Generally…[Read more]

Nice point Alexandra.

For certain operating systems and applications of those operating systems are allowed to use app’s internal data.Applications should not be able to communicate with other applications to use the internal data. The user must be notified when the application needs to use internal data from another application.
The fault…[Read more]

Well explained Alexandra!
I would also like to add that the risk profile will help organization determine priority of IT requirements.
It also proves as a plan to manage risks,target spending,, preparation for impacts. This is a proactive means of handling risk.

Great post Ming Hu. You brought a good point about Risk Appetite. I read in detail about it,
An organization should consider risk appetite at the time of aligning organization goals.
To determine risk appetite following steps should be taken:
1. Develop risk appetite
2. Communicate risk appetite
3. Monitor and update risk appetite
However…[Read more]

Cry Ransomware uses UDP, Google Maps, Imgur

A dubbed Cry pretends to come from The Central Security Treatment Organization (CSTO), a fake organization which encrypts a victim’s files and then appends the .cry extension to encrypted files claiming ransom of 1.1 bitcoins ($625) to access them. What is unique in this new threat is the ability to…[Read more]

It depends upon the business what is level of risk that the business can tolerate. In general it can depend upon following factors,
– Legal/Government rules
– Timeline to implement mitigation action
– Organizational policies, objectives
– Interest of stakeholders

The main aim of Risk Assessment to help the decision making process to verify if the risk has come to a acceptable level or not. and what measures can be taken to provide its acceptability.
When the cost of risk is smaller than the mitigation cost, it is reasonable to accept risk.In this case however the organization must be able to provide the…[Read more]

Deepali, how database enforces integrity is interesting,
Domain integrity – Ensuring a domain gets selected range and type of values. eg If a phone number column must allow only numbers and special characters but not alphabets.
Triggers and Procedures They are the stored programs that run behind the system when a particular action is evoked.…[Read more]

I agree with you Said that databases are difficult to recover in case of failure.
Oracle has many database recovery techniques in place,
1. Control files – This is the file that software requires to access database. No one except Oracle can edit this file. The file contains time stamps, database logs, transaction logs. And we can refer to this…[Read more]

Great post Binu!
You mentioned about SQL injection. In this attack the SQL query is exploited by entering an input that was not expected by the system. This input serves to the SQL query in such a way that it forms a different meaning of a query and gives us possibility to see data that we are not authorized for.

Similarly exploits are done…[Read more]

I think, RDBMS offers security by providing below features,

1. Logical and physical independence
eg if a disk has to be replaced where database stored, it will not impact the logical tables, rows and columns.
2. By having constraints
e.g primary key will help uniqueness, defining range of values in Check constraint will ensure that the…[Read more]