-
Sean Patrick Walsh posted a new activity comment 8 years ago
“Creating a Risk Intelligent Organization”
This article discusses how many businesses have spent a lot of time building risk frameworks and processes to mitigate risks, but how they often fail from a lack of risk-oriented culture. The author describes the importance of how risk awareness throughout a business’s culture, from the top to the…
-
Sean Patrick Walsh posted a new activity comment 8 years ago
All of my information was captured in that OPM hack from my SF-86 data for my govt clearances.
-
Sean Patrick Walsh commented on the post, Progress Report for Week Ending, March 15, on the site 8 years ago
I totally agree and only brought it up from personal experience in the military. What is put out by “the brass” in D.C., and what is said by your Commanding Officer, can be totally lost by the time it gets down to whoever is directly in charge of you and your colleagues. I believe they are both important, but figuring out how to get them both…
-
Sean Patrick Walsh commented on the post, Week 1 Questions, on the site 8 years ago
Let us know how your recommendation goes!
-
Sean Patrick Walsh posted a new activity comment 8 years ago
Information security is a technical problem and a business problem. Since information is digitized to such a degree today, its security is in the hands of IT professionals. Their training and expertise are needed to properly secure data and to create safe and reliable methods to access and transport data. The IT personnel need to develop training…
-
Sean Patrick Walsh posted a new activity comment 8 years ago
In your simplified example, how might you approach attempting to quantify the loss to the business of “good will” from a data loss scenario (i.e. hacking data)? Would the business have to also quantify the loss due to compliance lawsuits like Target did in its security breach a couple years ago?
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
I agree with your example. If an auditor cannot independently perform an audit, then there is much more chance that the auditor will miss something by having to rely on the benevolence of employees to show them the correct information the auditor is looking for. By having the technological skills necessary to perform the audit independently…
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
I thought it was concerning that an employee could have their password reset over the phone. That makes a social engineering attack much more possible.
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
Is it HTTP sites specifically, or insecure sites in the sense of sites with malware embedded? Has anybody suggested to the IT personnel to update firewall settings or set a content filter to prevent going to those types of sites?
-
Sean Patrick Walsh posted a new activity comment 8 years ago
Week One YouTube Video:
What issues did you identify from this video?
There was a complete lack of awareness and respect for basic security controls. A room required to be secured was left open. Company equipment was insecurely transported outside of the business, which allowed a thumb drive to be lost. Passwords were left unsecured around…
-
Sean Patrick Walsh posted a new activity comment 8 years ago
Describe a real-life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability-driven control?
A profitability-driven control is meeting a minimum gross sales margin. A gas station knows how much to charge for each gallon of gasoline sold each day based upon the market rate o…
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
I am not sure I agree that your examples were failures of SOX. SOX instituted the requirement that CEOs personally certify their business’s financial reports. The bill also gave SOX “teeth” by making the CEO criminally liable for materially misleading financial statements. If the SEC and/or the DOJ declined to bring any charges against executives in…
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
In your own words, how would you define a control environment?
I would define a control environment by the corporate culture regarding ICS. When a business has an ICS in place and the management takes the ICS policy and procedures seriously, the attitude of the company toward control systems is reflected as such. The attitude and culture of…
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
What is the purpose of all auditors having some understanding of technology?
The purpose of all auditors having some understanding of technology helps make it harder to hide fraud and corruption in a business. Most businesses incorporate technology into their business processes and functions at every level. Auditors need to have a basic and…
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
How does the control environment affect IT?
The control environment can affect IT by requiring mandatory compliance with laws and regulations. Certain laws require a separation of duties and responsibilities. For example, certain employees in a business may have the ability in SAP to create an entry for a new supplier, but that same employee…
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
I agree with you that the video presented a lack of security awareness and understanding of importance. There were also the employees who purposely took their colleague’s password to log in to the system to look at payroll data of other employees. Security controls can help mitigate many risks, but personnel who are “up to no good” are very…
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
What are some current system-related risks that you have experienced in your organization?
I know while I was still in the military that there was a significant problem with personnel connecting flash drives, iPods, etc. to govt networks and systems. This caused a lot of issues because many times personnel would unknowingly infect the network…
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
Did you ever receive paperwork for an order not in the system? I imagine that data can get lost for a number of reasons. Was there a policy in place for you to follow to make corrections, or did you have to escalate to somebody with a higher level of authority?
-
Sean Patrick Walsh commented on the post, Happy Birthday SNL // the typists from the Carol Burnett show, on the site 8 years ago
Bernie Madoff ran a private investment firm, whereas SOX’s requirements are more for publicly traded corporations. So Madoff had much more control over the corruption that he was a part of. If the financial collapse had never taken place in 2008/2009, I wonder if we’d have even known about what he was doing.
I think the requirements and…