-
Yu Ming Keung posted a new activity comment 7 years, 11 months ago
Fred, good post, I believe the performance test is the most common way to help an organization determine whether or not its network capacity is adequate. Then they can compare the result with the previous results or the capacity to check the network capacity. It is critical for the network to have excessive/more capacity to avoid a DDoS attack.
-
Yu Ming Keung posted a new activity comment 7 years, 11 months ago
Hi Mengxue, Great post, I like how you stated that Spear phishing should be a bigger threat to an organization because it targets the specific organization with collecting specific contents. And your outstanding example shows how the spear phishing hacker will ask for the customer list. Spear phishing does not have to be carrying malicious software or…
-
Yu Ming Keung posted a new activity comment 7 years, 11 months ago
Question 3: In the contexts of being attacked by or unwittingly becoming a resource for distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: Spam phishing or Spear phishing?
In the contexts of being attacked by a resource for distributed denial of service (DDoS), I would s…
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Major DDoS Attack Causes U.S. Outages on Twitter, Reddit, Others
This week I found the news about a large distributed denial of service attack (DDoS) directed at DNS, internet performance management company Dyn caused Website outages for a number of its customers including Twitter, Reddit and Spotify affecting mostly the eastern US. Dyn took…
-
Yu Ming Keung commented on the post, Week 8: Questions, on the site 7 years, 12 months ago
I have never thought that changes can only be made by the authorized person. I would describe that one posting period is the first layer of security and the authorized user to make corrections is the second layer of security. Companies need to have a clear protocol for how the changes and corrections can be made in SAP to avoid fraud.
-
Yu Ming Keung commented on the post, Week 8: Questions, on the site 7 years, 12 months ago
I also agree that authorization control is the most important control too because authorization is the process of enforcing policies by determining what types or qualities of activities, resources, or services a user is permitted. Other controls will be meaningless if unauthorized users are able to access the system to create/alter transactions…
-
Yu Ming Keung commented on the post, Week 8: Questions, on the site 7 years, 12 months ago
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
I believe most businesses rely too much on technology to look for security in the entire network rather than relying on administrators to configure the security…
-
Yu Ming Keung commented on the post, Week 8: Questions, on the site 7 years, 12 months ago
Hi Alex,
I strongly agree with you, especially if the password is generated randomly by the system, you have no way to remember the password. The safe thing to do is to write it down and don’t lose it. And we even forget our normal password we created sometimes unless we use the same one for all accounts. I know there are some password…
-
Yu Ming Keung commented on the post, Weekly Question #7: Complete by November 10, 2016, on the site 7 years, 12 months ago
Said, I definitely agree with you, companies without the right protocol tend to knowingly allow their employees to commit fraud. It is one of the biggest risks that could result in a loss of the company’s reputation. I would say that companies are the victims of a hack resulting less reputation loss and the public will forgive them, whereas they…
-
Yu Ming Keung commented on the post, Weekly Question #7: Complete by November 10, 2016, on the site 7 years, 12 months ago
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
The company I used to work for is a small real estate company and I did not see high system security taken place in the company. H…
-
Yu Ming Keung commented on the post, Weekly Question #7: Complete by November 10, 2016, on the site 7 years, 12 months ago
2. What is the relevance of only being able to have one posting period open at a time for real time postings? What does this prevent from happening?
In general, the individual posting periods correspond to a calendar month and usually, at any one time, only one posting period may be open. The main reason for having one posting period open at a…
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Outsourcing and SLA audit questions
How will actual performance be measured?
How frequent should we review the outsourcing performance?
What does outsourcing cover?
Cost, risks, time period, working hours, contract terms
Outsourcing vendors and location
-
Yu Ming Keung commented on the post, Week 7 Questions, on the site 7 years, 12 months ago
I agree with you Yang, outsourcing vendors are the experts in the field and they should have the highest security level and plan to mitigate the risks. Companies are basically transferring risks but they should still be responsible for the outsourced functions.
-
Yu Ming Keung commented on the post, Week 7 Questions, on the site 7 years, 12 months ago
Good questions Alex!
I think all the questions you suggested help the auditors determine the conditions, pros and cons of the SLA. And I especially like the one that asks the back-up procedure of the outsourcer because if they don’t have it, it would be a risk for the company.
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Hi Yulun,
Great post, the video really helped me understand the difference between both Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). This video describes how they are different and simplified reasons on why. It also points out that the IT department or head should help the company write the disaster plan because they have…
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Nice post Andres,
I liked how you provide the components of BCP. All companies should develop their BCP based on those components. I think the Plan of transition in the event is extremely important because it can help the company locate where they are and how they can react and transit during the event.
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Good post Shahla,
Even though both DRP and BCP sound similar, they are totally different from each other. Disaster recovery plan focuses on how to recover from the event, whereas Business Continuity plan focuses on how to maintain its main functions during or after the event.
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Good example Ahbay,
Hospitals usually have a special control to mitigate the risk of running out of power. It is one of the Business Continuity Plan (BCP) examples, which is really important to make the patient’s safety. In the same case, companies should be able to operate at a minimum level to not affect the consumers.
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Yahoo Confirms 500 Million Accounts Were Hacked by State sponsored Users
Yahoo finally found it’s been hacked in 2 years and they slowly responded to the serious hacking influencing 500 Yahoo mail users. Over a month ago, a hacker was found to be selling login information related to 200 million Yahoo accounts on the Dark Web, although Yahoo…
-
Yu Ming Keung posted a new activity comment 8 years ago
Explain common SLA issues identified by auditors
A service-level agreement (SLA) refers to a contract between a service provider and its internal or external customers that documents what services the provider will furnish and defines the performance standards the provider is obligated to meet.
The issues identified by auditors:
1.…