Sister CISA CISSP:

April, 2008


April 29, 2008  2:07 PM

A YUMMY New (FREE) Tool for Looking at Packet Captures



Posted by: Arian Eigen Heald
Admins and Auditors, free tools, Networking, Security, Tools & Tricks of the Trade, Tools for Auditing and Security

I don't know about you, but looking at packet captures is right up there with looking at Cisco PIX firewall configuration files. Nonetheless, it's part of my job, on occasion, and although I enjoy the "capturing" part, the "looking through it" part tends to make my eyes cross. So, a nifty new...

April 24, 2008  9:10 PM

How Mature Are You?



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Security Metrics

I know it's a leading question, but I think we've got to start asking ourselves where we are when it comes to information security and managing risks to our organizations. Continuing my quest for how to measure good security, I ran across an excellent article on the Information Systems Audit and...


April 22, 2008  6:09 PM

Using Your IDS as a Boat Anchor



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT audit, Security, TCM (Truly Clueless Management), Tearing My Hair Out, Tools for Auditing and Security

Setting up your Intrusion Detection System to send you email alerts designed by the consultants who put it in and thinking you are secure is the equivalent of wrapping a chain around the server and tossing it in when you go fishing. It will do just as much, if not more good in the lake as it will...


April 17, 2008  9:47 PM

LOOK at Your Credit Card Receipts



Posted by: Arian Eigen Heald
Identity theft, PCI DSS, Security

You would think that with all the news and noise about credit card information being stolen, that more folks would pay attention to what they're signing at restaurants (an especially GOOD place to get your information...


April 14, 2008  8:48 PM

Yes, We Have No Bananas



Posted by: Arian Eigen Heald
Compliance, DataManagement, IT audit, Security, Security Metrics, Tearing My Hair Out

I've been reading a fascinating book by Andrew Jaquith, Security Metrics - Replacing Fear, Uncertainty and Doubt. This book takes...


April 10, 2008  8:01 PM

Dear Network Administrator – Please Change Your Password Like Everyone Else!



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Microsoft Windows, Security, Tearing My Hair Out

I have a nifty little .vbs script I wrote last year. I send it to the network administrators before I come on site, ask them to run it and send me the results. It tells me username, login ID, description, length of password, last login date, acct locked, etc. It also tells me when the...


April 9, 2008  3:13 AM

Time for an “Auditor” Admin-level ID or the End of Auditor Shoulder-Surfing



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Tools for Auditing and Security

One of the biggest time wasters I experience during an IT audit is having to ask an administrator to: a. Run tools/scripts for me in order to access information b. "Shoulder-surfing" with an admin in order to collect information/screen shots. It's a waste of my time, since I know where to go...


April 4, 2008  4:44 PM

There’s a BIG Difference Between Hannaford and TJMaxx



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, PCI DSS, Security, Wireless

One of my readers has commented about how badly Hannaford and TJMaxx have been treated by the media and Internet commentary because of their data breaches. From my perspective, concerning the data breaches, I can only speak as an auditor and an engineer, not having been inside either company's...

