Last night we talked about a variety of storage components and how they all technically worked at a very detailed level. While you may never work in a factory that manufactures hard drives, as an IT Auditor why do you think it is important to understand and appreciate the variety of storage components that exist in an organization?
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
I think going into IT auditing you have to in way understand and appreciate the different type of technology that come up and where everything started from in general. For all the variety of storage components it is crucial to understand how things work because we’re going to be the ones searching and auditing these different components. Being able to find hidden drives and stuff like that are going to helpful in the career of IT auditing.
Exactly! Do you see how the command line tool DISKPART was beneficial over the GUI tools provided by Windows?
As an IT Auditor you have to be able to find and access all data if you want to be effective. Being aware of how to access all storage components (including hidden) is critical to audit IT and not miss data that people are trying to hide.
I think it is important for us to know about different kinds of storage components and how it works.
First, different storage components have their common functions and also have their special functions that the other one does not have. If we know about these information, sometime we can deal with some hidden problems. It can be a chance for us to become a better person on our position. In our works, sometime we may need to connect with the storage component manufacturers, if we know about the information, we may find out deeper information about the storage components.
I think the most important thing we learn in last class is that how to find the hidden storage components. As IT auditors, the job give us the responsibility find what is wrong in the system and what is going on. If someone wants to hide some information in the system, we should have the capability to find them out. Therefore, it is also important for us to understand how those storage components exactly work.
Using access control as an example, Its almost impossible to properly audit access controls without knowing the principles of identification, authentication and authorization. So while we may never work in a factory that manufactures hard drives, as an IT auditor, I think it is important to understand and appreciate the variety of storage components that exist in an organization because IT auditors might have to perform audits of applications, databases, etc. One of the most important roles of the IT Auditor is to perform audit over critical systems. Without an appropriate understanding of the applications that make up the systems, important IT controls within an organization may not be fully tested and may be ineffective.
A system engineer / database engineer / Network engineer are professionals in their field, they can successfully hide a lot of facts and documents even from an experienced person (an experienced person not as professional as them), how much more hiding these facts from a layman. To catch a “thief”, you need to think like a thief; to catch a monkey you need to act like a monkey. Having an understanding makes it easier to know what to look out for. I would look for hidden files/hard-drives because I know its possible drives/files could be hidden, but If I didn’t know that you can hide files/drives, I wouldn’t bother looking for them right? And again, how do you search for something without even knowing where to search
Using access control as an example, Its almost impossible to properly audit access controls without knowing the principles of identification, authentication and authorization. So while we may never work in a factory that manufactures hard drives, as an IT auditor, I think it is important to understand and appreciate the variety of storage components that exist in an organization because IT auditors might have to perform audits of applications, databases, etc. One of the most important roles of the IT Auditor is to perform audit over critical systems. Without an appropriate understanding of the applications that make up the systems, important IT controls within an organization may not be fully tested and may be ineffective.
A system engineer/database engineer / Network engineer are professionals in their field, they can successfully hide a lot of facts and documents even from an experienced person (an experienced person not as professional as them), howbeit hiding these facts from a layman. To catch a “thief”, you need to think like a thief; to catch a monkey you need to act like a monkey. Having an understanding makes it easier to know what to look out for. I would look for hidden files/hard-drives because I know its possible drives/files could be hidden, but If I didn’t know that you can hide files/drives, I wouldn’t bother looking for them right? And again, how do you search for something without even knowing where to search
Really good points, especially from a control perspective. The example that sticks in my head (particularly with the assignments we had ‘to turn in for tomorrow’s class) is something like encryption controls on hard drives. What I like about these exercises is that we’re learning about different storage types and formats, which is important when you want to secure them.
I think as an IT Auditor, it is important to understand and appreciate the variety of storage components that exist in an organization. Because different storage components have their own function, which can help IT Auditor better perform audit.
It is important for an IT auditor to understand and appreciate the variety of storage components that exist in an organization, because IT auditors may audit different types of storage components. If we know the differences, we can be easier to evaluate the risks in the organization.. If someone wants to find out any information in the storage components, we can easily find it on different systems.
First of all, it is important for IT auditors to understand types, functions, and characteristics of storage component. second, IT auditors need to understand how different storage component work independently and collaboratively in a system. Understanding these concepts will help the IT auditors to better assess risks associated with these storage components and develop appropriate control solutions over it. I remember in the last class, we added extra storage to the system in the virtual machine, however, the added storage space was invisible in GUI before we configured it. This is an excellent example of the importance of understanding different storage components and mechanism behind them. If we didn’t know that storage could be created and intentionally or unintentionally hidden in a system, we would unable to effectively assess risk and security controls when conducting audits.
Storage components are important for an IT auditor to understand since as an IT auditor you need to have the access to get all data and information that exist in the computer and to understand the different way and function every component perform independently. Understand storage components will help an IT auditor to get an overall picture of computer so that can be perform risk assessment more efficient for an organization. This is the reason why understanding storage components is important for an IT auditor.
As an auditor I will be expected to understand the organization’s storage system. Whether it is effective, and if it secure. I enjoyed the aspect of the class where we used the diskpart to see all the disks that we could not see from the graphical interface. The task manager role was also an interesting discussion. We could see which processes are being executed at a time, which ones are using up most of the memory. The background processes can also be viewed here. Sometimes you wonder why a computer is slow only to find there are some processes running that you were not aware of
.
The performance monitor gave us a view into the overall performance of the computer. For example, the Processor Queue Length can be used to see how many threads are waiting in queue and if the processor is able to handle all the requests. This can help make informed choices of whether an upgrade is needed or not. All these activities we did are important because an auditor must be able to check the inventory of storage resources and use levels.
I think each storage component is essential, they are combined into a whole. It is important to be a T auditor, knowing each of them, and being able to use it accurately.
I think IT Auditors should be able to access to all informations, and having a good understanding about the variety of storage components that exist in an organization can be so helpful for them. As an IT Auditor, we are responsible for auditing different components, and we should be familiar with variety of storage components,and how we can access to them even hidden files.
As an IT auditor, you should understand and appreciate the different type of technology well. Computer data storage is a very important part of a system providing the most significant function of retaining information. Computer data storage includes all computer devices, components and other recording media.
As an IT auditor, you should understand and appreciate the different type of technology well. Computer data storage is a very important part of a system providing the most significant function of retaining information. Computer data storage includes all computer devices, components and other recording media.
I think the meaning for understanding the storage is not on learning how to make a storage, but deeply understand the characteristics of various kinds of storage components through its manufactories process and materials. According to the command line related to the storages, we can get access to hidden storages and it can be a crucial technique for auditors searching the consumers’ resources to conduct auditing.
I think the meaning for understanding the storage is not on learning how to make a storage, but deeply understand the characteristics of various kinds of storage components through its manufactures process and materials. According to the command line related to the storage, we can get access to hidden storage and it can be a crucial technique for auditors searching the consumers’ resources to conduct auditing.
It is important to understand the variety of storage components that exist because in order to complete our tasks effectively, IT Auditors need to know how and where to access these components. Therefore, as an IT Auditor, I need to know where to go to find the storage components (the ones that are in plain sight and the hidden ones).
Since 10 years ago, I began to build my own desktop computer through purchasing different hardware components online. For hard drive and random access memory (RAM), we must learn that RAM has a much faster speed than hard drive, however, once the power is cut off, all data stored in memory will be lost. Hard drive has a much bigger capacity but speed is much slower than RAM due to its mechanical structure as the inherent weakness.
For a IT auditor, understanding of Redundant Array of Independent Disks (RAID) is quite essential when we are auditing the storage components of a business entity. When an organization pursuits the maximum capacity and speed of hard drives, they might choose to build a RAID 0 mode under the risk of data loss. However, when an organization pursuits the maximum security, they might choose to build RAID 1 mode under sacrificing the capacity of hard drives. Both of them are the areas that should be concentrated on in the IT auditing.
It is important to understand the storage components to understand the various drives on the computer. For me, it helped to understand how the backup procedures could be performed.
As an IT auditor, better understand storage in a computer system can be helpful to find hidden malwares or software that may lead some risks to the system. In addition, it will help us to evaluate the performance of the system to reduce the downtime and improve efficiency.
I think its important to understand how storage works because data is the most valuable asset to many organizations. Where the data lives and how it behaves allows us to use and interact with it in a meaningful way. We must be able to categorize data to understand what is important – just like a bank has a vault and safety deposit boxes in the back, with debit withdrawl forms in the front, so to do organizations have sensitive data wrapped behind firewalls and security but data visible “in the front” to everyone on the web. This also helps lead to cost effective defense measures. You COULD store all your data on inexpensive consumer grade hard drives in the same rack, but that would be a terrible idea if you needed to have redundancy, accessibility (high bandwidth apps that require lots of I/O) and security.