Wen Ting Lu

Just want to add in what you mentioned, separation of duties is a classic security method to manage conflict of interest, the appearance of conflict of interest, and fraud. I agree with you that it’s important to segregate the person who handles the cash from who records the cash in the accounting system. This reduces the risk that cash will be…[Read more]

I agree with you Fangzhou.

ERP system stores an organization’s sensitive information, information security has become the major concern for companies that implementing ERP system. Someways to secure ERP system include limiting data access, keeping user activity logs, maintaining firewalls and encryption. In addition, by implementing two-factor…[Read more]

Hi, Yu Ming

You brought up some very good questions in regard of the security concerns with the ERP system. By doing some research online I found that ERP system can leverage the current system to continuously monitor and
improve their internal controls through periodic or on demand controls or specialized reports. For example, there are SAP…[Read more]

3. What key (1-2) competencies does the person responsible in a company for security (e.g. for a given process) need to have to be successful? Why?

I think one of the most important competencies the person responsible in a company for security need to have to be successful is having integrity & honesty. It’s significant that this personnel i…[Read more]

Hi, Fangzhou

You are absolutely right that spam phishing is widely affected. I found some statistics online that was very interesting. There was a campaign, it sent 1000000 messages through spam phishing attack, the open rate was 3%, and click through rate was 5%. However, only 1000 message sent through spear phishing, the open rate was 70%,…[Read more]

Hi, Yuming

You made great points. One thing I want to point out is that spam messages often contain images that the sender can track. When you open the email, the images will load and the spammer will be able to tell if your email works, which could result in even more spam. What we can do as email users to avoid this is by turning off email…[Read more]

Massive DDoS Attack Knocks Out Twitter, Box, Spotify

The article I read talked about the DDoS attack targeted New Hampshire-based company Dyn and its managed DNS infrastructure. The company originally said it restored operations around 9:30 a.m. Eastern Time. However, a second attack followed that knocked Twitter and others offline again for…[Read more]

Outsourcing and SLA audit questions

-Does the outsourcer have adequate back-up procedures?
-Does the outsourcer have adequate physical access controls and
administration and maintenance?
-Is vendor performance monitored?
-Will the SLA include service-level credits?
-Are billings and payables verified to the contract for validity?

You are right that it’s important to know how ERP system works, if general I/T people don’t know how The ERP system works, then it’s challenge for them to implement controls to protect the system and resolve issues.

Hi, Jaspreet

I agree with you that having to remember different passwords for multiple accounts that we have is annoying. However, we cannot be careless because system security is very important. There are still people lack the awareness of the how serious leak passwords and account information are. If you use very simple passwords or reuse the…[Read more]

Just to add in, it also limited user to make changes from other posting period to prevent them committing fraudulent acts.

Absolutely, it’s important for companies to compliance with regulation. You are right that to have one posting period open at a time for real time postings reduce human error from recording to a different posing period. In addition, it prevent fraudulent activities from happening, it prohibited authorized users to have access to make any changes…[Read more]

3. Consider the list of financial and accounting controls. Rank them. Which to you believe is the most important, the least. Why?

I have found seven accounting and financial control procedures after Google research. Below are the list of the seven controls, I would rank them from most important to the least important.

1. Access…[Read more]

How would you determine if an organization’s network capacity is adequate or inadequate? What impacts could be expected if a portion of an organization’s network capacity is inadequate?

Capacity planning is the process of determining the production capacity is adequate or inadequate needed by an organization to meet changing demands for its pro…[Read more]

4. You’ve used various computer systems in your lifetime, carreer. System security is complex and often maligned as cumbersome, difficult, beurocratic, etc. Have you seen these problems in your experience? Explain

Password is one of the major system security concern that we all have, no matter it is for work, school, or personal. As s…[Read more]

2. What is the relevance of only being able to have one posting period open at a time for real time postings? What does this prevent from happening?

You can open as many posting period as you want in SAP. Generally, for business only the current posting period is kept open for a fiscal year to enter transactions related to that period. The…[Read more]

1. Do you believe business rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain

I don’t think business rely too much on administrators to configure the security protocols in programs like SAP. I think business should focus on security in the e…[Read more]

Hi, Joshua

Change from traditional passwords to biometrics is very interesting, and it’s become popular especially for the banking industry. Traditional passwords are either too cumbersome or no longer secure due to growing number of data breaches. Some of the nation’s largest banks are increasingly using fingerprints, facial scans and other…[Read more]

Hi, Yulun

You are right that we have so many accounts for school, work, and personal. It’s difficult for us to memorize all those passwords. Most of time, people will choose to use the same password for all their accounts, which is not a good way to secure their sensitive information. There is actually a way to save your passwords for the…[Read more]

Hi, Abhay

Thanks for sharing the hospital example! It’s very important to have Business Continuity Plan (BCP) to guide the hospital in response to an emergency/disaster situation or a mass casualty incident. Patients’ safety should be hospital’s priority concern. Also, organizations should strengthening their capacity to scale their response…[Read more]