Sister CISA CISSP:

November, 2009

1

November 30, 2009  8:17 PM

Consensus Audit Controls Released – That are Actually Useful!



Posted by: Arian Eigen Heald
Admins and Auditors, Tools for Auditing and Security

If you're like me, if you see/or hear about one more "set of controls," "baselines," "standards" or "frameworks," you'll tear your hair out. And scream For my money, the

November 23, 2009  5:39 PM

Buy Your OWN Automatic Theft Machine



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, Eigen's Rules of Thumb, Hardware & InfoSec, Identity theft, Stupid Technology

Is it really a surprise that ATMs can be bought on eBay or Craigslist? Given the amount of...


November 20, 2009  9:14 PM

Ownership of What????



Posted by: Arian Eigen Heald
Start Laughing Now

Every now and then, some outfit does...


November 18, 2009  3:44 PM

Belly-Laugh of the Day



Posted by: Arian Eigen Heald
Start Laughing Now, Stupid Technology

A co-worker of mine came across a slide-show on cio.com (of all places!) on vintage technical ads. How one ad for Daisy guns got in there, I'll never know, but it does...


November 13, 2009  9:49 PM

You Can’t Outsource Reputation



Posted by: Arian Eigen Heald
Data Breaches, data security, information security, TCM (Truly Clueless Management)

Reviewing yet another data breach in the news, I was struck by the phraseology of the news report. Specifically, the article on MassMutual brought a point to mind that I keep using with companies and...


November 10, 2009  6:06 PM

Things You Can Do To Help An Investigation, Part II



Posted by: Arian Eigen Heald
Data Breaches, Digital Forensics, Incident Response, information security

In a previous column, I talked about the importance of locking up a computer and not continuing to use it after it has been compromised, or the fraudster was fired. This works in a lot...


November 5, 2009  4:52 PM

A Not-So-Great Use of Cloud Computing



Posted by: Arian Eigen Heald
cloud computing, Cloud Security, Data Breaches, Data Center, data security, information security

As I'm sure you know, I'm not yet a big fan of "cloud computing," known by various acronyms. I have yet to see a really comprehensive approach to audit and security. Ultimately, you don't know where your data is in the "cloud." And the Feds have access to it without a warrant. So you...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: