Sister CISA CISSP: August, 2009

August 30, 2009  12:46 AM

Securing ALL Your Web Services
Posted by: Arian Eigen Heald
Admins and Auditors, information security, Tools for Auditing and Security

A number of commentators, notably IBM's Kris Lamb, have reported that malicious code is no longer limited, for the most part, to p0rn and other sleazy websites. Hackers are targeting the...

August 28, 2009  2:02 PM

Small Business is Being Targeted
Posted by: Arian Eigen Heald
ACH Fraud, Banking Fraud, Data Breaches, data security

The days when you could assume that hackers wouldn't care because your company was so small have officially gone past. Security by obscurity has passed as well. Now the thieves are looking for small businesses so they can get to the banking accounts and wire money. I was called on...

August 26, 2009  3:18 PM

Check out this Article on Wireless
Posted by: Arian Eigen Heald
free tools, information security policy, Wireless

I don't usually promote other articles - it's kind of "cheating," but short of copying and pasting the entire article, I've got to send you in the direction of Lisa Philfer's article on
August 24, 2009  6:31 PM

By the Numbers
Posted by: Arian Eigen Heald
Data Breaches, employee theft, Identity theft, information security

I was reading through the list of 2009 reported data breaches/identity theft/etc over on Identitytheft.Info and pondering the patterns that might be visible with a little help of sorting/filtering in Excel. Part of the problem is that...
August 20, 2009  3:42 PM

Points to Ponder: Reviewing the “SoupNazi” Activities
Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, information security, PCI

By now I'm sure you've heard that Albert Gonzalez is being charged with the attacks on Hannaford, Heartland, 7-Eleven, etc. In between all the excited reporting are some points that admins and auditors ought to pay attention to. We ought to ponder how this attack is different from attacks in the...

August 17, 2009  7:20 PM

Blaming the Auditor for Bad Security
Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT Compliance - Policies, TCM (Truly Clueless Management)

Heartland Security has attempted to point the "Public Finger of Blame" at the hapless QSA auditor they used for PCI compliance, saying that the "QSA let us down." So who is in charge of security, Heartland or the auditor? Security is a corporate posture, not a pass/fail compliance test. You can...
August 10, 2009  12:54 PM

Which One is More Clueless? I Can’t Decide
Posted by: Arian Eigen Heald
Data Breaches, Start Laughing Now, TCM (Truly Clueless Management)

I ran across a story about a former employee who "broke into" his employer's computers, according to a news story from a TV station, entitled Cops: Former Worker Hacked Casino Computers. Now, here's the...
August 7, 2009  3:47 PM

Things NOT to Do When You’ve Been Hacked, Part II
Posted by: Arian Eigen Heald
"How Do You Know?", Adventures in Auditing, Data Breaches, Incident Response, information security

I finally asked that deadly question: "What do your Incident Response Procedures say?" Whoops, there goes all the buddy-buddy geekiness: I have morphed into The Auditor Who Asks Questions. "Umm, well, they pretty much say to do what we just did." I notice the vagueness of the reply,...