Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
Hacker Claims to have access to 200m Yahoo user records! Yahoo says they are investigating!
A hacker named Peace has claimed that he has access to 200m credentials of Yahoo users. The hacker confirmed with the Motherboard that he was selling these accounts privately and now they are on the dark web for sale. The cost of each credential is…
Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
The accident is supposed to have happened in May 2016 which was published around August 1st 2016.
Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
That is huge damage! As posted by Mandiant in 2015, on average, hackers spend 146 days on the system before the attack is noticed. This is a positive sign considering the average time of 205 days in 2014.
In the news you posted, the attackers probably used the data to exploit users. Mandiant has claimed that since 2014 the number of disruptive…
Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
Q How does the control environment affect IT?
Control environment helps an organization increase the efficiency and effectiveness of IT governance.
– Establishes control over data being sent out of and data that comes into the organization. Ex. DLP software
– Control over access management. Ex. Authentication to access the facility
– Helps in keeping…
Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
In addition to the competency required to audit, I would also like to add that an auditor's technical knowledge determines the success of the audit. A technically sound person will be able to do a quality audit.
Also, based on my experience, auditors get a defined timeline to complete the audit. If the auditor is not technically sound and lacks business…
Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
Nice post, Deepali! It goes without saying that if someone wants to point out flaws in a system, that someone must have the know-how of the system in and out.
The auditor must have the business knowledge, operational knowledge and technical knowledge of the system that they are auditing.
Ex. The 7.1 requirement of PCI DSS requires to “Limit…
Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
Rightly pointed out, Daniel. To add a few more,
– Employee attitude towards following security practices is shallow
– Laptops are not physically locked. Visitors who are in the building can also have access to those laptops. We are not sure if laptops have encrypted hard disks.
– The employee uses her name in the password. Such passwords are…
Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
Deepali correctly pointed out a few very important ones.
I believe the most important one is regarding formal training to the employees. Although senior management makes a lot of effort in certification or making brilliant policies, the number of employees that are directly associated in making those policies is very low, maybe 2-5% of the…
Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
[Q] What are some current system-related risks that you have experienced in your organization?
An organization faces risks from varied external and internal factors. I came across many such scenarios at my organization.
Although risk was identified and mitigation actions were followed, practically while working we faced new risks that…
Priya Prasad Pataskar posted a new activity comment 8 years, 4 months ago
What you say is right, Said. If grade A is too costly, the investment cost is going to increase. However, if the standard recommends using grade A, it must be with logical reasons. In the longer term, grade B material will incur more costs to the company in terms of return of goods as users were not satisfied, poor quality or it might lower the brand…
Priya Prasad Pataskar commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years, 4 months ago
I believe, if the management has to sign on agreeing that they are responsible for the financial accounting that is happening within their company, it mandates the management to have adequate internal control and also maintain that control.
To maintain this type of control, a framework is established by management and there is an audit team to…
Priya Prasad Pataskar posted a new activity comment 8 years, 5 months ago
Great post, Annamarie!
I also think having compliance-driven controls helps increase profitability in some cases.
There would be a huge one-time cost to establish compliance controls and they may take time to be implemented. However, in the longer run the well-established control will help the company against fraudulent data, lawsuits,…
Priya Prasad Pataskar posted a new activity comment 8 years, 5 months ago
Question: Describe a real life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability-driven control?
Compliance-driven controls are those regulatory decisions that are taken in order to follow a set of procedures and standards. They help establish controlled e…
Priya Prasad Pataskar posted a new activity comment 8 years, 5 months ago
I agree with your point, Annamarie.
Laws like SOX are not only sufficient but also prove beneficial for the management to establish control over the happenings in the company. SOX mandates to exhibit clarity with the shareholders and thus helps in building trust.
Priya Prasad Pataskar posted a new activity comment 8 years, 5 months ago
3. In your own words, how would you define a control environment?
Control environment is established by defining a set of policies and procedures by the governing body (board of directors/senior management) of the organization. The control environment establishes the culture, practices and behavior in the organization.
Ex. To list a few…
Priya Prasad Pataskar posted a new activity comment 8 years, 5 months ago
1. Describe a business process you have experienced (either as an external or internal participant) and what your role was?
As an internal auditor, I was also responsible for audit scheduling and initiating the audit process.
Function: Information and Data Security
Process: Audit Scheduling and Initiating process
Aim: The…