-
Yang Li Kang's profile was updated 8 years, 1 month ago
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
2.5 Million Possibly Impacted by New Malware in Google Play
Two pieces of malware managed to slip through Google Bouncer and were made available via Google Play. The two pieces of malware were disguised as apps as well as embedded in many top-rated apps in the store. The first malware, called CallJam, was designed to make fraudulent phone calls through the allure of free…
-
Yang Li Kang commented on the post, Week 2 Questions, on the site 8 years, 1 month ago
I really like your pizza analogy :D. I completely agree. A control framework serves as a baseline for all audits to follow. This ensures uniformity and sort of a guarantee that if the framework is followed, the IT infrastructure of the company would be governed correctly.
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
This is interesting. I never knew that sharing information about cyber attacks was sue-able. This is definitely a step in the right direction towards combating the same enemy. But it also makes me wonder, what if the cyber attack came from a competitor?
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
While I do agree that preventive control is the most important, I think that both detective and corrective controls are also very important and should not be downplayed. The key is that preventive controls only MINIMIZE risk. They do not eliminate it. Loss can still happen, and when it does, the two other controls play a huge role in preventing…
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
Preventive control is definitely most important, but complete prevention is impossible. From your Dropbox example, Dropbox may have taken the best preventative measures but they were still a victim of a data breach. The other two measures are important when preventive controls fail.
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
What are the 3 types of risk mitigating controls? Which is the most important? Why is it the most important?
The 3 types of risk mitigating controls are:
1) Preventive Control – A set of measures taken in order to reduce a risk from happening
2) Detective Control – Measures taken to determine the cause of the loss event once it has…
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
Why do we need control framework to guide IT auditing?
A control framework is needed to ensure a uniform, thorough audit is performed by all IT auditors in all organizations. A framework is established to adhere to compliance and optimized to be effective. A framework creates a standard of IT governance that all organizations should meet in order…
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
Comparing ITIL and COBIT: list some key similarities and differences based on your understanding
COBIT and ITIL are both tools and guidelines that should be used by organizations to govern and manage IT-related services.
The distinction between COBIT and ITIL is that COBIT focuses more on how to govern the use of IT in order to add value to the…
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
What are the key activities within each phase?
1) Planning
-The request of an audit will be given to the audit manager.
-The audit team will conduct a preliminary survey of the department that requested the audit to have a deeper understanding of the functions and systems being reviewed.
-Consult with the client to receive their input on…
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
Explain the key IT audit phases
1) Planning
Before starting an audit, it is important to plan the entire audit to ensure it is executed effectively. The objective and scope of the audit should be determined so there is a clearly defined direction where the audit should head without being sidetracked partway through the audit.
2) Fieldwork…
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
Sensitive User Data Exposed in OneLogin Breach
This article is about a breach in one of OneLogin’s services, Secure Notes, which allows users to store sensitive information such as passwords and license keys. You would think that such a service would keep security their number one priority but apparently a bug caused the data to be visible in clear…
-
Yang Li Kang commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
Although much of what’s shown in the video was internal, such as co-workers gaining unauthorized access to private information and theft within the company, the actions shown in the videos also expose vulnerabilities to external threats. For example, if a contract worker such as cleaners were to come across all that information and devices. Who…
-
Yang Li Kang commented on the post, Week 1 Questions, on the site 8 years, 1 month ago
As many of our classmates have commented, yes, I do believe incorrect data entry is an IT risk. I think that IT in general is merely a tool that we use in order to simplify business and smoothen business processes. People create IT systems and people operate IT systems. The room for human error is always present as long as people are behind the IT…
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
I agree, IT in general is merely a tool used to make business processes run quicker and smoother. IT itself can never cause any harm or damage to the business. It is usually the human operating the IT systems that will cause harm. As you mentioned, employees who are negligent towards IT are one of the main reasons for data breaches in an organization. This…
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
What are some current system-related risks that you have experienced in your organization?
From my experience working in Temple’s International Admissions Office, some of the system-related risks I’ve experienced are:
1. Inputting a wrong scholarship code for a student. An admission counselor may input a wrong scholarship code for a student. The…
-
Yang Li Kang posted a new activity comment 8 years, 1 month ago
Do ITACS students represent information security vulnerabilities to Temple University, each other, or both?
Explain the nature of the vulnerabilities ITACS students represent in the context(s) you chose?
I do believe that ITACS students represent information security vulnerabilities to Temple University and the other way round.
Some…
-
Yang Li Kang commented on the post, Week 2: Questions, on the site 8 years, 1 month ago
Walmart actually looks for suppliers who meet their own standard. I believe I read in a case study from Harvard Business Review that Walmart is such a huge player in the retail industry that suppliers cannot afford to lose their business partnership. They are almost forced to sell their products at a low price to Walmart or risk losing their sales…
-
Yang Li Kang commented on the post, Progress Report for Week Ending, March 22, on the site 8 years, 1 month ago
As Ming Hu commented, all companies within the industry will have to comply with the same laws. This places them on an even playing field. It is then up to the companies to reduce cost elsewhere in order to increase profitability. Companies that do this well will rise to the top in terms of profitability.