Sister CISA CISSP:

May, 2009

May 23, 2009  10:25 AM

When a Control is NOT a Control or, “It’s Good Enough”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Steps to an Easy Audit

I run into an awful lot of engineers who hate paperwork (I feel the same way.) They are busy fixing problems, building new application support and dealing with upper managers who have no idea what they're asking for, clueless users and now I come along to top it off asking for a bunch of...

May 21, 2009  6:19 PM

A Free Tool for Testing Your Firewalls and Routers



Posted by: Arian Eigen Heald
firewalls, routers, Security Devices, Tools & Tricks of the Trade, Tools for Auditing and Security

I see a LOT of firewall configuration files and router configuration files. It's the bane of my auditor's existence to read through a PIX firewall config (up to 500 pages of a text file). After the 35th page of text, you could drive a truck through that firewall while I tried to wake up. Plus,...


May 18, 2009  3:08 PM

Looking for Some Good (and FREE!) IT Policy Templates?



Posted by: Arian Eigen Heald
Admins and Auditors, free tools, information security policy, IT Compliance - Policies, security policies, Tools & Tricks of the Trade, Tools for Auditing and Security

Thanks to an email, I've come across a great website to offer you when it's time to go looking for some good policy templates. SANS, the be-all end-all of security training, has organized a website that offers us


May 14, 2009  2:28 PM

Turn it Off on the Road



Posted by: Arian Eigen Heald
laptop security, Security on the road, Travel

I travel a lot - about 40% of the time. I plug in to the Net from all sorts of places as a part of doing business. So I have some rules based on experience: 1. Turn off the WiFi adapter if it's not in use. Why broadcast the last hotel you stayed in, and allow bad people to try and attach to...


May 12, 2009  9:46 AM

Security Maxims to Live By



Posted by: Arian Eigen Heald
Admins and Auditors, Eigen's Rules of Thumb, Start Laughing Now, TCM (Truly Clueless Management)

I happened across the Vulnerability Assessment Team website of the Argonne National Laboratory. The Security Manager there has a great sense of humor, and has devised some security maxims much like my


May 6, 2009  5:30 PM

Watching Your Data Evaporate in the Cloud



Posted by: Arian Eigen Heald
"How Do You Know?", cloud computing, Compliance, Data Center

"Cloud" computing continues to beat the drum of "cutting costs." Although I must say that I am hard put to differentiate between "cloud computing" and data centers that host hardware, the emphasis seems to be on shared server resources and supposedly quick turnaround for new applications. In my...

