To be honest, this week was a little bland as we had to read on the standards and policies of IT itself and look at examples of sites that make standards for their fields which did not appeal to me all that much.
It did seem however that a lot more people participated in the BID process. I think as we get more comfortable with each other and the topics on hand, we will have better, deeper discussions on what we read, watched, or heard in class. This week many of the people realized the same kinds of things I realized as we read through chapter 3. I think the biggest point that I made in my post is the importance of documentation in the workplace. At the place I worked at this summer, documentation was key to the success of projects. On projects that had little to no documentation involved, it was impossible to get the job done. Everybody was extremely frustrated with the fact that there was no documentation which lead to the leaders not being able to lead effectively and the workers not wanting to do the extra work to figure out what needs to be done. Even if the workers were motivated to figure out what was wrong and what needed to be done, this is extra man hours that could have been avoided with the proper documentation.
Lastly, another important point that was made on the discussion boards and in the book is that as technology changes, the policies that auditors need to follow will change with them. This means that auditors need to be open to constantly learning new concepts and ideas to shape their policies around. It is a big job to develop these standards and policies to be sure that most companies will be secure, productive, efficient, and effective. It was also brought up on the discussion boards that these standards and policies sort of in a way create a united way for companies to have the same universal language. This way most companies will have the same sort of layout which will make it more efficient for auditors going from place to place.
Sunday, September 27, 2009
Sunday, September 20, 2009
End of Week 2 Reflection
Welcome.
This is my first reflection blog post. In this blog I will post weekly updates on things learned and discussed in class and other miscellaneous topics such as successes and failures throughout the course.
This week we read chapters 1 and 2 of our IT Policy and Audit book and also watched and listened to a webcast: Best Practices for Database Security and Compliance.
Both sources explained the importance of security for a business and said that many businesses still have insecure network designs and do not back up their data. One of the most enlightening facts that was said in class and is in the linked pdf was "60% of companies that lose their data will shutdown within 6 months of the disaster (http://www.sbsnet.com/MySecureBackup.pdf)." I believe most of these companies do not realize the risk potential there is for a company regarding their data. Many companies don't realize the importance of backing everything up in case of a network breach or a disaster that occurs.
Another interesting topic that I was discussing with someone on the discussion boards is that a paid hacker does not require as much money as a company that is trying to protect their network has to pay. A company trying to protect their network would have to spend lots of money just on equipment and also staffing alone would cost an arm and a leg. A small company may not have the kind of money to prevent natural disasters or mitigate network attacks. A cost effective solution to securing the network and allowing for data replication would be a step in the right direction to help out the many small companies looking to secure their data.
I look forward to updating this blog weekly with things learned in class and create a journal type "notebook" that I can refer to in the future to reflect on things I've learned and continue to improve on my knowledge.
This is my first reflection blog post. In this blog I will post weekly updates on things learned and discussed in class and other miscellaneous topics such as successes and failures throughout the course.
This week we read chapters 1 and 2 of our IT Policy and Audit book and also watched and listened to a webcast: Best Practices for Database Security and Compliance.
Both sources explained the importance of security for a business and said that many businesses still have insecure network designs and do not back up their data. One of the most enlightening facts that was said in class and is in the linked pdf was "60% of companies that lose their data will shutdown within 6 months of the disaster (http://www.sbsnet.com/MySecureBackup.pdf)." I believe most of these companies do not realize the risk potential there is for a company regarding their data. Many companies don't realize the importance of backing everything up in case of a network breach or a disaster that occurs.
Another interesting topic that I was discussing with someone on the discussion boards is that a paid hacker does not require as much money as a company that is trying to protect their network has to pay. A company trying to protect their network would have to spend lots of money just on equipment and also staffing alone would cost an arm and a leg. A small company may not have the kind of money to prevent natural disasters or mitigate network attacks. A cost effective solution to securing the network and allowing for data replication would be a step in the right direction to help out the many small companies looking to secure their data.
I look forward to updating this blog weekly with things learned in class and create a journal type "notebook" that I can refer to in the future to reflect on things I've learned and continue to improve on my knowledge.
Subscribe to:
Posts (Atom)