Sean Patrick Walsh

I didn’t even consider an OS as a single point of failure, but you bringing it up in your response is important. A single point of failure makes protecting the integrity and availability of the OS that much more important, especially depending on the network resource the OS is used to interface with (i.e. an individual work station is not as…[Read more]

Great current example! I’m not sure just yet that there were no controls though. There could very well have been controls at Wells Fargo, but the failure point might have been separation of duties. There may have been controls in place that were handled by colleagues, as a “second set of eyes” to look at the record, or the controls may have been…[Read more]

I forgot to address the concept of a legacy OS in a network in my response, so thank you for bringing it up. Many businesses run legacy systems because upgrading is not feasible for one reason or another, or not justifiable for the cost(s) associated. I know when I was in the military, there was a contract with Microsoft to continue to patch the…[Read more]

What are your thoughts on administrative mitigation controls regarding malware protection? I think an administrative policy should be in place regarding malware as well. That policy, along with an employee training program, would help to create security awareness in employees regarding threats in email, web usage, flash drives, etc. The policy…[Read more]

Is it Windows security is not that great, or is it that the majority of businesses use the Microsoft OS which increases the percentage of attacks on that platform? I think a lot of the security vulnerabilities with Windows has to do with the fact that the majority of businesses use that product as their OS which means that the system is constantly…[Read more]

Yulon, I was not aware that BestBuy and Newegg also sold on Ebay. I buy a lot of books online because I am constantly reading, so I had noticed Barnes & Noble sold books on Ebay. That was the only brick and mortar big name seller I had noticed selling on there. Now that you mention those two other companies I wonder if it is actual an ideal…[Read more]

List common control issues associated with operating systems and remediation strategy/plan.

Some common control issues and methods of remediation with Operating Systems are as follows:
– Unnecessary Services/Protocols Running – Run protocol scanners and shell commands such as “netstat” to find out all services running on a system. Then…[Read more]

I agree with your two key competencies selected. The entire process entails both of those aspects from beginning to end as you explained. It’s hard to limit it to just two because I also think a risk awareness mentality is so important as well. Since the person would be responsible for the entire process I think they should be aware of where the…[Read more]

Your example of an employee changing/modifying the delivery address is great. That type of error would cause a loss for the business, and the incorrect changes might not even be intentional either. A separation of duties and a check in the ERP system could help mitigate that type of loss though.

Why is so important to protect operating systems?

The operating system is the software that allows a user to operate a computer system. It is the interface that allows a user to communicate with an entire system that they would not independently be able to communicate with and operate. An OS is what manages all the processes, software, and…[Read more]

That is really good insight to that “link of the chain.” That is definitely an area of the O2C process that involves a lot of moving parts and is the actual physical movement of goods. At that point, like you mentioned, there are more personnel involved in both the business and outside of the business that pose new threats to the order and…[Read more]

2. Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.

Issuing order invoices is the portion of O2C which I see as the most vulnerable to theft, fraud, or failure of some kind. Without proper controls, there is an incentive and opportunity for employees to issue…[Read more]

1. As customers we experience various company’s order to cash process (OTC) whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?

I prefer any website I can use Paypal for payment personally, but for sake of argument I will say Ebay for example since they allow Paypal payment. Ebay makes it very easy for m…[Read more]

You’re correct about your assumption that many compromises go unreported. I watched an episode of the show “Cyber Wars” on the new Vice News channel recently and it talked about how low the percentage of attacks are actually disclosed to the public. Certain attacks, like those that involve PCI and HIPAA, are required by law to disclose to the…[Read more]

I thought it was really interesting reading the textbook portion on DBMS’s about how many are open source. I think that is both a positive and negative aspect. Having the systems open source allows everybody easy access to the code which helps find vulnerabilities quickly. Once vulnerabilities are found those who discovery them either make the…[Read more]

Wouldn’t a DBMS be less likely than the rest of a business’s network components to be infected by malware? My understanding is that most DBMS’s are well behind a network’s firewalls and IDS/IPS components, and that would make them much less likely to get infected.

3. List risks associated with database management systems (DBMS)

Risks associated with DBMS’s are as follows:
– Improper privileges granted to users
– Single point of failure
– SQL Injection attacks
– Databases are a BIG target for hackers; especially with those storing PCI/PII type data
– Without proper checklists for auditors,…[Read more]

2. Key benefits of relational databases vs traditional file system?

RDBMS’s prevent data redundancy, limit access by requiring logon credentials for authentication, prevent data losses by authorizing different levels of data manipulation to different users, offer portability of access from different locations, data is easier to manipulate to…[Read more]

1. What are key characters of relational database management systems?

Some of the key characteristics of a RDMBS are as follows:
– Tables, rows, and Columns
– Primary and foreign keys
– Attributes to describe data
– Ability to create relationships between data with keys