Priya Prasad Pataskar

Alexandra I was about to ask Vu Do if he had lost his credit card, when I read your post where you mentioned that you had not lost yours. In spite of that the hacker could access data. I agree with you that hackers may not physically require a card to steal money. As you mentioned, we enter card details everywhere we shop online, may it be for…[Read more]

Paul, do you think cut off, the correctness of timeline and period of recording of the below levels is also important one.
Transaction level – Transactions can be reported to occur in a different period of month or cycle.
Account balance level – Account balance can be hidden under balance sheets of a different financial year or…[Read more]

Rightly said, assertions are important to investors. Investors must have right to correct and accurate data about the financials of the company. The investor has interest in growth and management of the organization he has invested in. Also the assertions give him clear picture of how his investments have been used.
I also believe they are…[Read more]

Great post Said. The Ordering process has potential to be fraudulent and can incur loss to the company
1. Unauthorized ordeing can lead to loss
2. Quantity of items to order can be erroneous. Either error can be good are ordered less than estimated or more than estimated
3. Number of goods requested mismatch the number of goods received.
3.…[Read more]

Yes Prof Yao. I can explain the constraints in class.

Q] Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
Explain

I have experienced a fraudulent activity in my life. I was did take care to not fall prey to it, however I was almost on the verge of being…[Read more]

Q] List risks associated with database management systems (DBMS)
1. Sensitive data if stored in plain text can be a big risk. e.g storing passwords
2. Maintaining concurrency of data
3. Frequent updates or version changes from the DB product can sometime create discrepancies in data
4. Data must be made available at all times
5. Access must…[Read more]

Traditional ||||||||||| RDBMS
1. Data stored in flat files separated by delimiters ||||||||| RDBMS: Data stored in tables, in rows and columns
2. Relation between files cannot be established ||||||||| RDBMS: Relationships between tables can be shown
3. Data is not independent of each other |||||||||| RDBMS: Data is physically and logically…[Read more]

Q] Key benefits of relational databases vs traditional file system?
Traditional RDBMS
1. Data stored in flat files separated by delimiters Data stored in tables, in rows and columns
2. One file cannot be related to another…[Read more]

Q] What are key characters of relational database management systems?

Data was earlier stored in flat files. Where data was separated using delimeters.eg tab or ; or, or |. E.F Codd designed the relational database. Here data that is related to each other is stored in tables(relations). Relational database(db) has following characteristics:
-…[Read more]

Prof Yao, I have experienced this while working however to summarize it in words I referred the IT Auditing book.

One such experience I had was during one of audit I conducted. There was a finding on access management, reconciliation of access was not performed.
I had discussed the finding and customer readily accepted to set up a…[Read more]

That is huge. Exploiting vulnerabilities at the cost of someones life is a biggest threat that humans can experience.After reading your article did some research myself and I am shocked as attack on medical devices has been number one threat in 2016!

Hackers are exploiting vulnerabilities to deploy ransomware. Let alone devices like pacemakers,…[Read more]

Rightly pointed out Alexandra. Employees unknowingly can do certain things which can be a big challenge. Especially while transferring data.
I think solution like Data Loss Presentation software can be used and will prove beneficial in highlighting if any sensitive data is being sent outside organization.

12th Sept 2016

Patch management, yet again proved to be most important preventive control!

Dawid Golunski, a researcher has found many vulnerabilities in exiting MySql version. One of the most critical vulnerability is the zero day vulnerability, an attack the IT industry dreads about. The vulnerability is tracked as CVE-2016-6662, which can…[Read more]

Agree with your point Magaly. Preventive Controls are designed to discourage errors from occurring. They are proactive in nature.
In some cases, detection of a irregularity that occurred is the only way to realize that the organization needs controls in that area.

I have experience that I can share,
Objective – Visitor laptops are not…[Read more]

Rightly said Annamarie. Solution based approach is the key.

In this approach the auditor and customer should demonstrate flexibility in ways to implement a control.
Flexibility also must be with the timelines given to implement. Although a deadline must be fixed, they can mutually agree to a timeline.

Binu, I think customer cannot completely deny a recommendation. They could have a different way to approach the final result. And they should discuss with the auditor why they think a different approach is better.

This point makes more sense when we understand that the customer is doing the business on daily basis and auditor might be involved…[Read more]

There are 3 solution development approaches,
1,. Recommendation Approach –
This is a solution suggested by the auditors. Mostly this is easy to do for the auditor and for the auditees to agree to it. However, the recommendation might not be practically easy to implement unless suggested by thoroughly experienced audit team. The involvement of…[Read more]

Nice post Said! When I studied the phases in detail I realized that the Reporting phase and drafting report can actually take lot of time. Collating data right from first phase of audit and documenting all findings will be the most important. There could be a point while drafting report that you realize that you need to validate something or need…[Read more]

I agree with your answer Annamarie. What do you think would companies approach would be towards getting both the frameworks. Would they prefer to get COBIT implemented first or ITIL?
I think they would try to adopt COBIT first as it is will help set up overall governance and then go for ITIL.

However each framework has a different positive…[Read more]