Yang Li Kang

Hi Wenlin,

I am on the fence about the risk of loss of personal touch. Usually, the business process that is outsource are the supporting processes. These processes are definitely essential to run the business but are limited on how much “personal touch” can be placed on these units. By outsourcing these processes, companies can focus on their…[Read more]

Outsourcing and SLA audit questions

Does the SLAs adequately evaluate the effectiveness of the services to be delivered by the vendor?
Does the SLA have quantitative and qualitative metrics that measures the effectiveness of the service? Are they reasonable and measurable?
Is there a clearly defined customer service level?
Is there a…[Read more]

Explain common SLA issues identified by auditors

– There are no proper Key Performance Indicators so the service provided cannot be monitored or audited.
– There is a lack of control frameworks which expose the organization to threats
– There are no penalties set for under-performance or failure to meet requirements of business
– No agreeme…[Read more]

What controls can be implemented to mitigate the risks associated with outsourcing?

Inadequate outsourcing vendor – Conduct proper research on vendors before selecting an outsourcing partner

Misalignment of process and quality standards – An agreed upon standards and processes must be part of the SLA contract.

Security breach – Requi…[Read more]

You listed risk sharing as a disadvantage of outsourcing. Based on the sources I read, risk sharing is listed as an advantage instead. Outsourcing helps shift certain responsibilities to the outsourced vendor. Since they are specialists, they able to plan risk mitigating factors better. Obviously, this varies based on vendors as some are better…[Read more]

What are the benefits and risks of out-sourcing?

Outsourcing is the transfer of specific business processes from one organization to another organization specializing in that business process. Most organizations cannot handle all aspects of a business process internally due to lack of expertise or high operating cost. Once the task is…[Read more]

Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) are not synonyms. Rather, DRP can be categorized as a subset of a BCP. BCP is all about maintaining critical business operations following a disaster. The elements necessary for business continuity include the physical location of the place(s) of business, staffing, equipment,…[Read more]

Card Data Stolen from eCommerce Sites Using Web Malware.

RiskIQ, a cloud-based security solutions provider have been monitoring a campaign in which cybercriminals compromise many ecommerce websites in an effort to steal payment card and other sensitive information provided by their customers. The method of attack was called “Magecart” where thr…[Read more]

An electromagnetic pulse (EMP) is a short burst of electromagnetic energy. It may originate from natural or man-made occurrence. It occurs as a radiated, electric, magnetic field or a conducted electric current, depending on the source.

Natural occurrence that cause EMP include:
-Lightning
-Electrostatic Discharge (two charged objects…[Read more]

While I do understand what the article is trying to explain, I do not agree with it. Yes, IT was created with the purpose of making human life easier. Ease of use is a top priority, however it comes at a cost of little to no security. This will not be an issue if we leave in a peaceful environment where no body have any malicious intent. As we…[Read more]

Android Malware Improves Resilience

There have been numerous reports about malwares infecting apps in the Google Play store. One of the possible reason for this is the improvement of Android malwares to both avoid detection and maintain their presence on infected device even after being discovered. The most common technique used is packing…[Read more]

I really liked how you explained the advantages of VPN through the CIA concept as well. However, do you mind explaining how message integrity detects instances of tampering?

Geographical restricted content can be frustrating to face sometimes. I recall the countless number of times where even watching some Youtube videos would be blocked because the content was not available in my geographical region.

What are the advantages of VPN?

Security – A VPN connection between a user and the remote resources are encrypted. Thus, if the user’s VPN traffic is compromised, the user will not be harmed because the attacker will not be able to see what remote sources the user is connected to.

Privacy Protection – Connection through a VPN will not leave…[Read more]

What is OSI model? What’s the main function of each OSI layer?

The Open Systems Interconnection (OSI) Model is a conceptual and logical layout that defines network communication used by systems open to interconnection and communication with other systems.

Physical: the lowest layer of the OSI model, is concerned with the transmission and r…[Read more]

Bad Security Habits Persist Despite Rising Awareness

In the spirit on “Creating a Security Aware Organization Week”, I found an article that actually bring bad news about this topic. It seems that a survey was done in 2016 which found that despite 79% of organizations feel that they learned lessons from cyber-attacks and improved security, only…[Read more]

I just wanted to share that I thought I made a mistake when I used “Windows Server 2012 R2 Data Center” instead of “Standard” which was stated on the assignment. It turns out that there isn’t any technical difference between the two and using either one should be fine.

Windows Server 2012 Editions

I don’t think forgetting your password is that big an issue. I believe most application or software that required login information have the “Forgot your id/password” procedure. People should be able to retrieve their password on their own without contacting the help desk.

I wouldn’t say that the operating system is more important than the hardware. A computer can still operate without an OS through computer language but a computer cannot operate without its hardware. It is as you said, an OS makes operating a computer much easier for people who do not have knowledge in computer language.

Great examples. OS is a very important component of a computer as it pretty much controls it. Virus protection is especially important as who knows who is able to use and control our computer once our computer is infected.