-
Tamer Tayea posted a new activity comment 7 years, 10 months ago
The VPN will allow remote connectivity in a secure manner; the VPN is a good business productivity tool for a mobile workforce.
One of the crucial tools to secure a VPN is the use of two-factor authentication (2FA).
-
Tamer Tayea posted a new activity comment 7 years, 10 months ago
Hi Fangzhou,
Nice recap of SLA auditing concerns; however, one auditor’s major concern is lack of documenting SLA measurable metrics like availability, performance, response time, location of data, issues resolution process, and other measurable quality of services metrics. Another concern is related to outsourcing vendor’s security practices and…
-
Tamer Tayea posted a new activity comment 7 years, 10 months ago
Hi Sean,
The service metrics are a good measure of SLA; the challenge is how to accurately measure SLA in an outsourced environment. Monitoring outsourced services for uptime is much easier than monitoring service response time.
-
Tamer Tayea posted a new activity comment 7 years, 10 months ago
Ariana,
Good summary for risks of outsourcing. I would like to add the risk of compliance, as well as issues arising around how to effectively measure SLA performance metrics.
-
Tamer Tayea posted a new activity comment 7 years, 11 months ago
Outsourcing and SLA audit questions
– Do you have business management expectations defined in SLA agreement?
– Does business have internal policies on how to manage SLA risks?
– Does the outsourcing contract include expected availability, performance, response time, location of data, issues resolution process and other measurable quality of…
-
Tamer Tayea posted a new activity comment 7 years, 11 months ago
Explain common SLA issues identified by auditors
– SLA may not clearly document expected availability, performance, response time, location of data, issues resolution process, and other measurable quality of services metrics.
– SLA may not document infrastructure and security standards used by outsourced vendors.
– SLA may not be in line with…
-
Tamer Tayea commented on the post, Week 7 Questions, on the site 7 years, 11 months ago
What controls can be implemented to mitigate the risks associated with outsourcing?
– Establish agreed upon SLA including availability, outage events handling procedure.
– Establish process for regular communication particularly when outsourced application experience availability/security events.
– Establish confidentiality agreement and…
-
Tamer Tayea posted a new activity comment 7 years, 11 months ago
What are the benefits and risks of out-sourcing?
The benefits of outsourcing are mainly cost savings, potential increased efficiency, in addition to offloading outsourced services to skilled providers. The outsourcing risks are:
– All the compliance risks the business manages with in-house service will still be managed with outsourcing…
-
Tamer Tayea commented on the post, Week 6 Questions, on the site 7 years, 11 months ago
What are the advantages of VPN?
VPN, or virtual private network, protocol is used to extend local area network (LAN) data resource access to users connecting remotely with a high degree of security and privacy. The remote systems (Laptop, PC, Server) use the VPN protocol to securely connect to LAN systems as if the remote system is part of the local are…
-
Tamer Tayea posted a new activity comment 7 years, 11 months ago
What is OSI model? What’s the main function of each OSI layer?
Layer 1: Physical Layer
This is the first layer in ISO model, represents physical characteristics of operating system communication channel including electronics specifications and optical signals used for communication. It manages network media types like CAT5 Twisted Pair, SFP O…
-
Tamer Tayea posted a new activity comment 7 years, 11 months ago
Why is it so important to protect operating systems?
Protecting operating systems (OS) is important due to the nature of functions performed by the OS system wide. The OS is responsible for managing all compute functions running on the system sharing hardware system resources (CPU, Memory, Disk, I/O devices). The OS manages process multitasking, resource…
-
Tamer Tayea posted a new activity comment 7 years, 12 months ago
Key benefits of relational databases vs traditional file system?
Relational database:
– Database is structured data logically combined based on selection of database keys and table relations.
– Store related data in 2 dimensional array.
– Use specific format based on database system used (Oracle, MySQL).
– Data are being saved to database in…
-
Tamer Tayea posted a new activity comment 7 years, 12 months ago
List risks associated with database management systems (DBMS)
One of the goals for DBMS is to secure databases against risks posed against the database. The risks vary from intentional hacking to expose data (confidentiality and privacy), commit fraud by altering data records (integrity), or bring database down (availability) and disrupt user…
-
Tamer Tayea posted a new activity comment 7 years, 12 months ago
What are key characters of relational database management systems?
Relational Database is collection of two dimensional data stored in rows and columns.
The Database Management Systems DBMS provides:
– Database pro-active maintenance services like indexing for quick data retrieval of specific group of database records based on primary key.
-…
-
Tamer Tayea commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years ago
Why do we need control framework to guide IT auditing?
A control framework is a way to categorize business established internal controls, it also establishes audit process and procedure intended to create business value and minimize risk.
The adoption of a control framework to guide IT auditing provides best practice methodology to Improve…
-
Tamer Tayea commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years ago
Comparing ITIL and COBIT: list some key similarities and difference based on your understanding.
COBIT (Control Objectives for Information and Related Technology) and ITIL (Information Technology Infrastructure Library) have been used in IT business process management to drive business value.
ITIL mainly focuses on IT service delivery and…
-
Tamer Tayea posted a new activity comment 8 years ago
Explain the key IT audit phases. What are the key activities within each phase?
Planning, Preliminary Survey & Risk Assessment
– Client engagement and Acceptance.
– Define audit scope and objective.
– Identify areas of Fraud Risks and potential responses.
– Understand business process and IT Involvement Environment.
– Understand current…
-
Tamer Tayea posted a new activity comment 8 years ago
How does the control environment affect IT?
The control environment is intended to give an acceptable level of assurance regarding business operations effectiveness, business operation efficiency, proper functional/financial reporting, and adherence to applicable laws and regulations. IT is at the heart of the internal control process.
IT…
-
Tamer Tayea commented on the post, Week 1 Questions, on the site 8 years ago
What is the purpose of all auditors having some understanding of technology?
Auditors will need to ask for some reports and section of certain logs and they should be able to interpret those reports. Example: Auditor may ask to get list of users with root access on ERP Data Base servers or get list of networks on firewall perimeter and list of…
-
Tamer Tayea posted a new activity comment 8 years ago
What are some current system-related risks that you have experienced in your organization?
System-related risks are related to networks, systems, or users’ devices; each of these components poses a potential risk to the IT environment.
– Misconfigured or non-patched systems, firewall or user device may be exploited.
– Applications without proper s…