Sister CISA CISSP:

July, 2009


July 31, 2009  4:25 PM

Things NOT To Do When You’ve Been Hacked, Part I



Posted by: Arian Eigen Heald
Data Breaches, Incident Response, information security, information security policy

The problem with being a "geek" is that we truly love to tinker, to fix, to improve, to test, etc. So when you announce to a bunch of us that a website on the network has been broken into, there's lots of leaping into action. Which is exactly what you don't want to do. At all. While...

July 30, 2009  1:44 PM

Don’t Go Banking with your iPhone Just Yet



Posted by: Arian Eigen Heald
data security, information, mobile phone security

Articles are being released today about a flaw discovered by security researchers Charlie Miller and Collin Mulliner. They informed Apple a month ago about this flaw, but no fix had been issued. So they decided to go public at...


July 24, 2009  3:26 PM

Adventures in Auditing #3, or “Why Do you Need to See That?”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT Compliance - Policies, IT Security

It always pains me when I get this question from a client's IT staff. It usually means that auditing has never penetrated to that level, and people are used to doing pretty much what they please around the network. It usually goes with: "This is a development shop. Those are not production...


July 22, 2009  3:09 PM

Adventures in Auditing #2



Posted by: Arian Eigen Heald
Compliance, data security, Physical Security

While doing a PCI exam not long ago, I visited a company that was very proud of its security measures, and rightly so. They had done a lot of work to secure their environment. Sometimes it's the smallest things that we are so used to seeing that we stop "seeing" them. They become part of the...


July 15, 2009  8:47 PM

Hard Disks Never Die – They go to Digital Forensics



Posted by: Arian Eigen Heald
"How Do You Know?", Digital Forensics, Forensics, Hardware & InfoSec, information security

I'm attending an absolutely fascinating course on Digital Forensics provided by SANS. One of the things we will be doing is collecting data from hard drives for various practice exercises. Imagine my amusement when the handout and appendixes recommend where to get used hard drives to practice...


July 13, 2009  5:27 PM

Adventures in Auditing #1



Posted by: Arian Eigen Heald
Admins and Auditors, Adventures in Auditing, Compliance, Wireless

I'm still amazed that folks are going about their business believing that bad things won't happen. Is it human nature? I thought I'd share with you some of my latest adventures in traveling about and auditing various companies. Just when I think it's strange, it gets stranger. I was doing an...

