Said Ouedraogo

List common control issues associated with operating systems and remediation strategy/plan.

Some common control issues associated with Operating Systems are “Password-Based Attacks”, “Denial-of-Service Attack”, and “Application-Layer Attack”.

A “Password-Based Attacks” is when an attacker gain access to your computer via your user name and…[Read more]

Why is so important to protect operating systems?

The Operating System is the heart of your computer, without it your computer can “live” (operate). It is like a translator between the user and the computer. That being said, it is crucial to protect your OS; otherwise you will find yourself in a bad situation. In fact, the OS controls your…[Read more]

The CEO should be part of the 5,000 employees who got fired. He is incompetent (because he does not know what is going on in his company) or he was aware of the fraud. Francly, I think he was aware of the fraud but decided not to react.
The worst thing is that the fraud did not even increase the bank revenue. It’s a risk that managers and…[Read more]

Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.

I think the shipping note/delivery is the most vulnerable portion of the Order to Cash. The all process is considered complete only when the customer receive the product. The shipping portion is then critical to…[Read more]

My weekly news post is about a video that relates Wells Fargo fraud. As we talked about it last week, Wells Fargo was fined $190 million because of 1.5 million fake accounts created by multitude employees. Out of the $190 million fine only $5 million will go to the victims.

The company fired more than 5,000 employees and said they will invest…[Read more]

My weekly news post is about a video that relates Wells Fargo fraud. As we talked about it last week, Wells Fargo was fined $190 million because of 1.5 million fake accounts created by multitude employees. Out of the $190 million fine only $5 million will go to the victims.
The company fired more than 5,000 employees and said they will invest in…[Read more]

What is an information risk profile? How is it used? Why is it critical to the success of an organization’s risk management strategies and activities?

An information risk profile documents the types, amounts and priority of information risk that an organization finds acceptable and unacceptable. This profile is developed collaboratively with n…[Read more]

List risks associated with database management systems (DBMS)

– Easily guessed passwords
– Missing Patches
– Misconfigurations
– Excessive Privileges
– Web application attacks (SQL-injection) •
– Insider mistakes
– Weak or non-existent audit controls

Source: Slide decks

Key benefits of relational databases vs traditional file system?

– Reduce data redundancy
– Improve data integrity
– Data and program independence
– Improve strategic use of data
– Improve security

However, relational databases are more complex, expensive, and difficult to recover from a failure.

Source:…[Read more]

What are key characters of relational database management systems?

A relational database is a collection of data items organized as a set of formally described tables from which data can be accessed easily. It is created using the relational model. The software used in a relational database is called a relational database management system…[Read more]

In fact, completeness does not mean anything if the data are not accurate. I think that it can be complete if it is not accurate. We must be sure of the accuracy of all data before asserting anything, because a single mistake makes the whole process questionable.

You are absolutely right. This happens all the time, even if companies say that they have bidding process to chose suppliers. It is really easy to come with a scheme in a company. In fact, if the person responsible for purchasing and one or two persons from the bidding process committee team up, they can do a lot of bad things.

It was difficult to “blow the whistle’ knowing that she was your boss and that you were an intern. You will have been seen as the ‘troublemaker”.

Didn’t you have an insurance?
And sometimes it is better to do research before contracting those vehicle shipping companies because some of them are just a fraud.

Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind?

“P2P involves the transactional flow of data that is sent to a supplier as well as the data that surrounds the fulfillment of the actual order and payment for the product or service”.
That being said I think that the…[Read more]

In fact, it is better if both the customer and the auditor work together. Since, it is the auditor who found the issues, his/her point of view on how to solve them can be really helpful. Based on that the customer can develop an action plan.

The US Gets Its First Cyber Security Chief

Last Thursday, the White House named a retired brigadier general as the government’s first federal cyber security chief. In fact, General Gregory Touhill will be the first Chief Information Security Officer (CISO) of the United States of America. His job will be to protect government networks and…[Read more]