
MIS5208 Spring 2018

DATA ANALYTICS FOR IT AUDITORS AND CYBERSECURITY


General

Nayana ransom payment a wake-up call for cyber hygiene

May 6, 2018 by Linlan Chen

 

Nayana – a South Korean web hosting company dishing out $1m worth of bitcoin to restore the websites and data of its customers that had been held ransom by the Erebus ransomware.
Sure, the business damage (think customer lawsuits) to Nayana of not doing so would have been huge, but so would the damage caused by the negative press on the company’s poor cyber hygiene that opened the doors for hackers.

http://www.computerweekly.com/blog/Eyes-on-APAC/Naraya-ransom-payment-a-wake-up-call-for-cyber-hygiene


What I Learnt from This Class

May 6, 2018 by Xinteng Chen

I learnt auditing skills from this class. The most important skill I learnt is ACL. ACL is an important tool for auditors to test data. Auditors can look for fraud by using ACL. Auditors can build relationships between different tables, and find fraud from the new table. In addition, Benford Analysis can be used to look for suspected fraud. Auditors can analyze the percentage of the first digit to compare with certain percentage rates. If they do not match, that means there is suspected fraud.

In addition, I learnt what fraud is and why organizations have fraud. It is important for an IT auditor to understand the reason and definition of fraud, because an IT auditor’s job is to make sure their organizations do not have mistakes in their systems and data.

New Attack Method

May 6, 2018 by Hanqing Zhou


Intel, AMD, and Arm are the three main processor manufacturers, and almost all computers around the world use their processors. Thus, even a small vulnerability can affect the information security of thousands of people.

German publication Heise reported that there are eight new “CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla’s processors.” For the new types of attacks, the attackers can extract passwords and other secrets from memory by using malware on the PC, and the attacks have many kinds of new variations, which makes the issues difficult for researchers and developers.

Thus, the users should not only wait for the new version of the patch. We should also be careful to identify phishing websites and malware.

http://www.theregister.co.uk/2018/05/03/just_your_monthly_reminder_that_the_spectre_bug_is_still_out_there/

Cyber-security and Social Media

May 6, 2018 by Mahroo Sanati

Last decade Facebook claimed 20 million users and today they are hosting nearly 2 billion users on social media. For comparison’s sake, they are representing about 30% of the world population on their social media platform.

There are many potential risks for businesses that are new and less understood. In the following, I’m going to explore three related social media cyber-security facts.

Social media is always attractive to attackers, but there are ways to hedge the attack risks. The most recommended way is to make the best use of the privacy settings available on these platforms and get educated on how much you expose on these networks.

Another argument is that there is no one holding the control of these platforms. You may be able to stop sharing information but quitting does not mean that your previous information or account will go away too.

Finally, we all know that social media is bound with improvement in security. But we should not let this calm users into a false sense of full safety. At the end of the day, cyber-security risk is the end user’s problem to own.

Fraud and Corruption

April 29, 2018 by Somayeh Keshtkar

Fraud

These days we are surrounded by different kinds of fraud which may appear small but have harmful effects on our lives and even our society. With a quick, careful look around our lives we can see many small illegal activities that are not obvious, and we do not notice them. Bribery, such as police bribery, is one of the illegal activities that is very harmful for society. Corruption in government organizations plays an important role in spreading bribery in many societies, and in particular in their law enforcement entities such as police departments.

If people do not obey the law of their land, especially in countries with restricted laws, they must be punished, and would not have any chance to escape from law enforcement. However, countries with corrupted systems can encourage people to break the laws without being concerned about the consequences of their actions. Police bribery is one of the common issues in such countries. For instance, in Malaysia police bribery is very common, and people can get away with their crimes by bribery. I lived in Malaysia for 6 years, and I witnessed many bribes to avoid getting tickets for speeding, or even to avoid getting DU and other crimes. Because of this problem, the number of accidents and other casualties is relatively high. I witnessed bribery on the streets on a regular basis, even though I was a student at the time, and didn’t spend a lot of time outside. The case of bribery must have been a lot worse in a city as large as Kuala Lumpur. The link below shows one of the many cases of bribery that was captured on video.

http://www.theindependent.sg/malaysian-traffic-police-caught-on-video-taking-bribes/

 

Guest Speaker – Mike Green

April 28, 2018 by Binju Gaire

On 21st April, Saturday, Mike Green, Deputy CISO at Express Scripts, led our Data Analytics class. Mike put up an informative presentation to discuss privacy and data security. I thoroughly liked his presentation where he talked about different methodologies that cyber criminals/hackers adopt to compromise sensitive information, most commonly referred to as personally identifiable information (PII), of internet users. Additionally, among several interesting topics that Mike covered in the class, I enjoyed when he gave the students an opportunity to use the website that lets us know if any of our accounts have been compromised in a data breach (haveibeenpwned.com).

To see Mike take such pride in his work and experiences and share them with future IT Auditors and Cyber Security professionals was truly inspiring!

Social Media

April 23, 2018 by Ruby(Qianru) Yang


After Facebook and our class guest speaker, Mike Green’s lecture, I started thinking seriously about risks in our social media. Compared with Facebook, Instagram and Snapchat, I think LinkedIn is more dangerous because most of us include our real information in it, including real name, education background, working information and so on. I read a news article yesterday, “Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data”. The article discloses a new vulnerability discovered in LinkedIn’s popular AutoFill functionality, found leaking its users’ sensitive information to third-party websites without the user even knowing about it. LinkedIn has provided an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address, ZIP code, company and job title, with a single click. A legitimate website would likely place an AutoFill button near the fields the button can fill, but according to Cable, an attacker could secretly use the AutoFill feature on his website by changing its properties to spread the button across the entire web page and then make it invisible.

https://thehackernews.com/2018/04/linkedin-account-hack.html

Summary Of Data Analytics class

April 17, 2018 by Parneet Toor

 

Blog: Summary Of Data Analytics class

Internal auditors with data analytics experience are becoming the rock stars of the profession. Not only are they in high demand among leading companies.

We learnt about ACL Analytics which is a data extraction and analysis software used for fraud detection & prevention, and risk management. By sampling large data sets, ACL data analysis software is used to find irregularities or patterns in transactions that could indicate control weaknesses or fraud. While doing ACL labs I learnt how to navigate through the application and earned basic analysis skills.

I learnt and performed Benford analysis where I analyzed the probability that the first digit of a number is 1 is about 30% while the probability the first digit is 9 in each of the four places in any number. Benford’s law tests only the frequencies of the digits and it successfully created a table that counts transaction amounts that start with digits 1 through 9. Developing a fraud policy for the company was a great opportunity.

Study about fraud: different fraud defense methods, importance of fraud prevention, create a culture of honesty, hire right to reduce risks, assess and mitigate fraud, detect fraud early, approaches to fraud investigation, options for legal actions in the US. Recognizing the symptoms of fraud. Investigating theft. How do perpetrators convert and spend stolen funds. Government records can assist in following the financial tracks of the suspected perpetrators.
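
The first-digit comparison described in the Benford analysis posts above, written out as an added example (it is not from the posts and is not ACL script). The chi-square test at the 5% level, the function names and both sample ledgers are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Benford's law: P(first digit = d) = log10(1 + 1/d), about 30.1% for d = 1.
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
# Assumption: flag at the 5% level; chi-square critical value for 8 degrees of freedom.
CHI2_CRITICAL = 15.507

def first_digit(amount):
    """Leading non-zero digit of an amount; None for zero (no leading digit)."""
    if amount == 0:
        return None
    # Scientific notation puts the leading significant digit first.
    return int(f"{abs(amount):.15e}"[0])

def benford_test(amounts):
    """Compare observed first-digit counts with Benford's expected counts."""
    digits = [d for d in map(first_digit, amounts) if d is not None]
    if not digits:
        raise ValueError("no non-zero amounts to test")
    n, counts = len(digits), Counter(digits)
    rows, chi2 = [], 0.0
    for d in range(1, 10):
        expected = BENFORD[d] * n
        observed = counts[d]
        chi2 += (observed - expected) ** 2 / expected
        rows.append((d, observed, round(expected, 1)))
    # A high statistic is a lead for follow-up testing, not proof of fraud.
    return {"n": n, "rows": rows, "chi2": chi2, "flag": chi2 > CHI2_CRITICAL}

# Constructed sample data (not from the posts): 200 amounts spanning many
# orders of magnitude, then the same ledger with 60 invoices slipped in
# just under a hypothetical 5,000 approval limit.
NORMAL_LEDGER = [2 ** k for k in range(200)]
PADDED_LEDGER = NORMAL_LEDGER + [4900 + i for i in range(60)]

if __name__ == "__main__":
    for name, ledger in (("normal", NORMAL_LEDGER), ("padded", PADDED_LEDGER)):
        result = benford_test(ledger)
        print(f"{name}: n={result['n']} chi2={result['chi2']:.1f} flag={result['flag']}")
        for digit, observed, expected in result["rows"]:
            print(f"  {digit}: observed={observed:3d} expected={expected:6.1f}")
```

The padded ledger is flagged because the amounts clustered under the limit inflate the count for leading digit 4 far beyond its expected share.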

Investigating theft and fraud at workplace

April 17, 2018 by Parneet Toor

Blog: Investigating theft and fraud at workplace

Once you have positively identified a suspect of theft or fraud, you might wonder what next steps to take. It’s always best to act immediately, and hiring a private investigator is a logical and effective first course of action.

When conducting an internal investigation, it’s good practice to place the suspected employee on administrative leave, suspend them or temporarily transfer them to another location. It is completely lawful to gather evidence against an employee through various surveillance tactics; both covert cameras and undercover surveillance teams may be necessary. Video evidence of a theft is the most solid in terms of proof, but witness statements may also be used. A private investigator may check an employee’s financial records, computer files and work e-mails to back up video findings. Careful documentation and confidentiality with interviewees is very important to prove that evidence has not been tampered with. Once the theft or fraud is proven, you will likely want to terminate your employee’s employment. Make sure that you follow all legal guidelines to avoid any wrongful termination lawsuits against your company.
