-
Yu Ming Keung posted a new activity comment 8 years ago
Nice post Fred,
I like how you list the benefits if an organization does follow both the frameworks. COBIT and ITIL provide a top-to-bottom approach to IT governance and control. According to ISACA, COBIT guides management’s priorities and objectives within a holistic and complete approach to a full range of IT activities. ITIL supports this…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
Why do we need a control framework to guide IT auditing?
1. help implement IT governance, and enterprises
2. Risk assessment to identify risks
3. Risk response, control activities to mitigate or transfer risk
3. Event identification to further investigate
4. Monitoring – continuous monitoring / maintenance after an event to ensure the…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
Preventive – controls that prevent the loss or harm and reduce the risk from happening in the first place. Examples of preventive controls are segregation of responsibilities and firewalls
Detective – controls that monitor activity to record issues after they have happened. An example of detective controls is performing an audit.
Corrective -…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
COBIT (Control Objectives for Information and Related Technology)
ITIL (Information Technology Infrastructure Library)
Similarities:
Purpose:
Both frameworks provide guidance for the governance and management of IT-related services by enterprises, whether those services are provided in-house or obtained from third parties such as service…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
Q1 & Q2
Explain the key IT audit phases
What are the key activities within each phase?
1. Planning
– to determine the objectives and scope of the audit to perform the audit
– develop a series of steps to be executed in order to accomplish the audit’s objectives.
– obtain a basic background and understanding of the area to be reviewed b…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
Ahbay,
I completely agree with your point that the human factor is one of the biggest issues for information security. Every business is different, so an organization’s security needs to align with its business goals and strategy. How to defend the information from a data breach is a technical problem. However, if the company lost its most…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
Nice post Priya,
I just want to add some of my thoughts to your point 1. Temple provides wifi and printing services to all students. We can get access to the networked printing servers through Temple’s computers or our personal computer by sending email. It is easy, convenient and comfortable. However, the printer will store our documents in…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
I agree with you all. Not only ITACS students but everyone at Temple represents information vulnerabilities to Temple, and Temple represents information security vulnerabilities for all students as well because Temple stored our sensitive data in its database where it can be the target to hackers. Let’s say the “TUpay” got hacked, our payment card…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
Great post, Tran!
I completely agree with you that if the latest and best security technology is being employed, it does not mean you are 100% safe. The new technology for now will become old and obsolete one day soon. Companies need to keep an eye on the zero day attack because it is hard to be detected by the newest security.
When I was taking…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
Kimpton Hotels Hit with 6-Month Card Data Breach
This accident happened between February and July 2016 and it was published recently. The hotel chain confirmed a credit card breach at its 60+ restaurants and hotel front desks. The details of the damage are still unknown. Kimpton said the malware was installed in its servers that processed…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain the nature of the problem in the context(s) you chose.
Information security is a business problem that must be solved by an organization but it requires adequate technical support by the information security m…[Read more]
-
Yu Ming Keung commented on the post, Progress Report for Week Ending, February 23, on the site 8 years ago
I agree with you Priya.
A strong control environment can enhance reliability for the data being transferred within the organization. It basically is a system where all upper and lower level employees can work under the same IT governance to achieve its strategic objectives and safeguard its intellectual assets throughout the organization.
-
Yu Ming Keung commented on the post, Progress Report for Week Ending, February 23, on the site 8 years ago
Good post Daniel!
Other than additional training for employees has to be in place to educate those employees, I think it is very important to train the upper management as well because they also have to treat information security seriously. And the management must show a serious attitude toward the restricted Information security policies for…[Read more]
-
Yu Ming Keung commented on the post, Progress Report for Week Ending, February 23, on the site 8 years ago
Nice post Said.
I think the manager in the video is not strong enough to demonstrate the restricted policies for the workers to follow. He basically approves the workers to ignore such IT policies such as helping the employees to lock off the computer. If the upper management can demonstrate a strong message on how to protect information by…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
What issues did you identify from this video?
1. Passwords are set by workers’ names. Post-it notes with username and password allow co-workers to easily get access to others’ laptops and log into the business site to look at protected and sensitive information.
2. No strong passwords
3. Negative attitude or low awareness toward protecting…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
What is the purpose of all auditors having some understanding of technology?
“New technologies have changed how information and data is stored, accessed, processed and created, and who and where it can be accessed by.” All auditors have to have basic and fundamental understanding of today’s technology since having the required skills and kno…[Read more]
-
Yu Ming Keung commented on the post, Week 1 Questions, on the site 8 years ago
I agree with your point. Without a doubt, all types of auditors should be able to understand the relevant technology associated with their auditing process because having the knowledge on hand can help them spend less time in learning the topic.
For example:
Mobile applications such as smartphones and tablets, are now the top areas for…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
1. How does the control environment affect IT?
According to COSO, “Control Environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. A strong overall control environment and attitude can lead to strong controls over decentralized processes and…[Read more]
-
Yu Ming Keung commented on the post, Progress Report for Week Ending, February 23, on the site 8 years ago
I agree with you. The SOX act is an enhancement of protection for those investors. Besides protection, I think the SOX act was established to regain the trust of the investors because the financial numbers are more reliable under the SOX act. Investors and shareholders won’t invest in a company that they don’t trust so independent auditors…[Read more]
-
Yu Ming Keung posted a new activity comment 8 years ago
1 Describe a business process you have experienced (either as an external or internal participant) and what your role was.
Over my summer, I interned in a real-estate company in California as a junior accountant. I was part of a team of professionals working to manage daily accounting tasks.
My responsibilities included:
1. Assigned to…[Read more]