MIS 5214 - Section 001 - David Lanter
March 31, 2021 by Jose Gomez 51 Comments
Zibai Yang says
April 1, 2021 at 11:39 am
How to efficiently avoid SQL injection？
Priyanka Ranu says
April 4, 2021 at 2:48 pm
Some of the ways SQL injection can be prevented are:
1. Install updates and patches regularly to your applications
2. Use accounts with least privileges to restrict access in case of a breach
3. Conduct regular vulnerability scans and code reviews to detect potential second-order attacks
Kyuande Johnson says
April 5, 2021 at 9:59 am
Install a security plugin
Update your website regularly
Only use trusted themes and plugins
Delete any pirated software on your site
Delete inactive themes and plugins
Xinyi Zheng says
April 3, 2021 at 3:40 am
Why the organization need restoration tests?
Haozhe Lin says
April 4, 2021 at 3:52 am
restoration testing usually needs to focus on the time required for recovery and the degree of recovery. For example, if there is a system error, can you fix the error and restart the system within a specified time interval. For automatic recovery, it is necessary to verify the correctness of mechanisms such as reinitialization, checkpointing mechanisms, data recovery, and restart; for the recovery system that needs manual intervention, it is also necessary to estimate the average repair time to determine whether it is within the acceptable range.
Therefore, with the increasing popularity of network applications, e-commerce and e-government, system recoverability is becoming more and more important, which has a great impact on the stability and reliability of the system. But restoration testing is easy to be ignored because recoverability testing is relatively difficult. In general, it is difficult to imagine system errors and catastrophic errors, which requires enough time and energy, and also requires more designers and developers to participate.
Anthony Wong says
April 6, 2021 at 11:50 am
Organizations need to ensure that their data is successfully backed up and readily accessible in the event of a disaster. This is generally part of the business continuity plan and should be tested periodically. These tests can help identify issues within the plan before it needs to be used. Last thing an organization wants is to have a disaster and then realize they’re BCP is not adequate.
Wenyao Ma says
April 3, 2021 at 9:26 am
As an IT auditor, what action will be taken if IT is found that the organization has not implemented appropriate backup procedures?
Cami Chen says
April 4, 2021 at 10:06 pm
I think the IT auditors should document the issue, and then he or she can check the company’s policy on how it backup data, including backing up to media or to the cloud, and how frequently backup the data. They consider whether the backup process is reliable. additionally, the company needs to have a test for restoring the backup annually. In order to improve security, the IT auditors ensure everything is documented, so that the company can implement the policy effectively and efficiently.
Vanessa Marin says
April 6, 2021 at 10:38 pm
The role of the Auditor is to be a third party assessor (even if it is an in-house audit). Your goal is to uncover and report and depending on your scope, you may offer risk mitigation suggestions or strategies. There is no action to take as an auditor. That’s for the c-suite to decide how to proceed from the auditors report.
Humbert Amiani says
April 3, 2021 at 2:42 pm
When resource-efficiency is a priority, are data loss prevention systems worth it?
Mei X Wang says
April 5, 2021 at 10:47 pm
When resource efficiency is a priority, I think data loss prevention systems are even more crucial. If there aren’t sufficient backups in place to prevent data loss, then it’ll take more resources for the companies to rebuild and restore their business conditions.
Not even factoring in the reputational costs from downtime and data loss, the business will take a harder hit by trying to cut costs by skimping out on data loss prevention systems/procedures.
April 4, 2021 at 3:47 am
Do you know which data backup methods are being utilized in your organization? What are they?
April 4, 2021 at 10:37 pm
We back up the data to the cloud. Since it is the cheapest and easiest way to share data within the company, the admin needs to ensure that assign appropriate access to us. In doing this, the company must have effective access control for both internal and external users. The company must also have controls that prevent data leakage. For example, having complete employee training can avoid the employees send a confidential file or provide full access to the wrong recipients.
Junhan Hao says
April 5, 2021 at 11:51 pm
Cloud storage is popular among enterprises of all sizes. It is also affordable because you only pay for what you use. In addition, cloud computing is very convenient because your service provider will take care of the installation, management and maintenance process.
April 4, 2021 at 2:44 pm
What is the difference between full and incremental backups and which backup is efficient to use?
April 5, 2021 at 9:50 am
A full backup is a total copy of your organization’s entire data assets, which backs up all of your files into a single version. An incremental backup covers all files that have been changed since the last backup was made, regardless of backup type.
April 5, 2021 at 10:13 am
Some of the main reasons for not doing a full backup every night include cost, time, and resources. Incremental backups are designed to back up large amounts of data over an entire time period without slowing/stopping production due to the large amount of data that needs to be backed up. A full backup every night consumes resources and, in most cases, is not feasible or useful for most businesses.
April 6, 2021 at 3:18 am
Full backup is copies the entire data set, requires a lot of storage space and time-consuming, incremental backup is full backup add with changes since the previous backup, it’s fast to back up and requires less storage space. But full backup can recovery faster than incremental backup.
Anthony Messina says
April 6, 2021 at 9:16 am
Incremental backups save all changes made since the last backup, differential backups save changes made since the last full backup.
April 4, 2021 at 3:42 pm
In your opinion, which method of data backup do you think is the most efficient?
Krish Damany says
April 4, 2021 at 6:44 pm
From the reading, it makes sense for an organization to have a shadow backup process in place. This is because the time window of data loss is decreased significantly. For a regular user, the most efficient would be a regular file or directory backup of the most important files. While an image backup would contain everything on the drive, it is the slowest backup method, making it inefficient.
April 6, 2021 at 2:23 am
Redundant Array of Disks (RAID) Redundant Array of Inexpensive Disks (RAID) provides considerable data protection and reliability based on server networks. RAID also provides fast access to gigabytes of stored information.
April 6, 2021 at 3:25 am
In my opinion, incremental backup is good choice. The incremental backup is a resource-friendly alternative to full backup. Such a setup is designed only to back up data that has changed since the previous backup. Also, the incremental backup is faster than full backup.
Jonathan Castelli says
April 4, 2021 at 6:12 pm
Which RAID level would you choose to help prevent data loss? Why?
April 4, 2021 at 6:48 pm
I would choose RAID-5 to help prevent data loss. This is because it has parity, striping, and redundancy. The downsides is that the write speeds are slowed, and RAID-5 can only recover from a single drive failure.
April 6, 2021 at 9:23 am
If we are talking purely data loss prevention I would use RAID 1 which is mirroring. Basically all data on the main drive is written identically to a second drive. So if the main drive gets corrupted in any way, the second drive still has all the same data.
April 4, 2021 at 6:47 pm
With cloud computing becoming more popular and normalized, what kind of backup methods should be recommended?
Zhen Li says
April 4, 2021 at 10:03 pm
Which data back-up is effective and useful? File/Directory data backup, image backup, or shadowing?
April 4, 2021 at 10:12 pm
How often do you think data backups should occur and why?
April 5, 2021 at 9:49 am
In efforts to protect the Availability of data in an organizations regular backups must be performed. Important files should be backed-up at a minimum once a week., Preferably once every 24 hours. This back up can be performed manually or automatically.
April 6, 2021 at 11:52 am
Completely agree. I think if you have full backups and incremental backups occurring weekly, it should cover majority of the data that is changed on a daily basis.
April 5, 2021 at 11:48 pm
Any major changes to the data stored on the server can run hard disk backups. At the same time, server-level backups should be run every 24 to 48 hours.
April 6, 2021 at 2:32 am
In an ideal concept, you can run file-level or hard disk backups as long as you make any major changes to the data stored on the server. At the same time, server-level backups should be run every 24 to 48 hours. For version control backups, the best practice is usually to create one for each update. When there is a problem with the software, we can roll back the snapshot.
April 6, 2021 at 10:43 pm
Me favorite phrase in IT: “It depends.” It comes down to what you are backing up. Financial? Medical? How often do you need to access historical data? Is the data you are backing up important to you? Is the storage and back decision based on your business goals or is it moderated by regulation. As a rule of thumb, it’s probably wise to say: “As often as possible!” but in reality you have to consider all the questions above and then some. Not to mention the costs associated with backups and storage.
April 4, 2021 at 10:59 pm
What are some ways organizations can protect PII?
April 6, 2021 at 8:23 am
1. Identify what PII information the organization collects and where it is stored
2. Implement employee training policy educating about the importance of protecting PII
3. Securely delete PII no longer needed
April 6, 2021 at 9:27 am
You could have a secure email gateway where rules can be setup to monitor the flow of any possible PII going out unencrypted or going to a personal ISP. Also, you could ensure proper access management/permissions are established for any file servers that contain PII. Workstations should be locked down so that USB cannot be used. Of course, proper end user training on how and what type of information is allowed to be sent out or accessed, or what information must be encrypted if being sent by email is always a must.
April 4, 2021 at 11:26 pm
What are the advantages of RAID 5 over RAID 1?
April 6, 2021 at 2:37 am
RAID1 achieves data redundancy through disk data mirroring and generates mutually backup data on a pair of independent disks. The storage efficiency is only 50%, and storage performance is not improved. RAID5 is a storage solution that takes into account storage performance, data security, and storage cost. The storage efficiency is (N-1)/N, where N is the number of disks. On RAID5, the read/write pointer can operate on array devices simultaneously, providing a higher storage performance.
Austin Mecca says
April 6, 2021 at 9:04 pm
RAID 5 provides operations readings fast and is able to serve multiple users at one time as well as it can provide a high level of data redundancy. I think the most important factor to consider however is when a disk fails the system wont have to go down because of the parity information collected from the other disks to rebuild the data.
April 4, 2021 at 11:34 pm
Of all policies listed in the chapter, which do you believe is most critical?
April 4, 2021 at 11:58 pm
What is shadowing? What are the advantages of shadowing over file/directory data backup?
April 6, 2021 at 9:20 pm
Shadowing is something that frequently records backup copies of each file actively worked. Failures result in little loss. Its advantage over file/directory data backup is that it allows for more current file changes to be restored.
Ting-Yen Huang says
April 5, 2021 at 3:11 am
How does organization choose what type of data backup to choose>
April 5, 2021 at 9:43 am
What are the advantages and disadvantages of RAID 5?
April 6, 2021 at 3:32 am
Advantages: 1. Read data transactions are fast as compared to write data transactions that are somewhat slow due to the calculation of parity; 2. Data remains accessible even after the drive failure and during replacement of the failed hard drive.
Disadvantages: 1. It has a complex technology; 2. Failed drives have adverse effects on throughput; 3. If another disk gets damaged or corrupt, data gets lost forever.
April 5, 2021 at 4:14 pm
Should weekly or monthly data backups be required by organizations?
April 6, 2021 at 8:30 am
I think its important to regularly and consistently perform backups whether its daily, weekly, or monthly. Having a consistent schedule helps build continuity. One of the other factors to consider is how often does your data change? If the data changes quite often then organizations need to stay on top of backing up all the new data. It also depends on the size of the organization. If its a average mid-size company then they will benefit from performing a full backup every 24 hours, with incremental backup every 6 hours.
April 6, 2021 at 9:22 pm
That’s a good point I didn’t think about initially, it will vary as some portions of data may not change for months so it would be more efficient to check after more extended periods of time.
April 6, 2021 at 10:36 pm
You have to consider space, resources and cost. Backing up data isn’t cheap. Consider servers/infrastructure (onsite or in a cloud). scalability, support, disaster recovery, costs for accessing your data, vendors fees, etc. Data storage is crucial but it gets pricey, has risks involved and requires serious attention.
Prince Patel says
April 7, 2021 at 11:39 am
Do you think the Government should make it mandatory to have certain basic information security controls for all organizations to protect the data?
You must be logged in to post a comment.