Sister CISA CISSP:

Admins and Auditors


June 25, 2010  5:11 PM

A Freebie for Auditing Your Web Application for SQL flaws



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, free tools, SQL Injection

I ran across a mention of this tool in a SANS newsbite. Scrawl latest version requires information Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL...

June 21, 2010  7:56 PM

SAS 70, SSAE 16, What’s in a Website Name?



Posted by: Arian Eigen Heald
Admins and Auditors, IT audit

Some dozen websites have the words "SAS 70" as part, or all of, their domain name on the web. Given the departure of the SAS 70 audit by 2011, I commented recently that they must not be having any fun. An anonymous reader ("CPA") wrote in to chastise me, to wit: Does anyone think that......


June 18, 2010  9:16 PM

The SAS 70 is Going Away – But…



Posted by: Arian Eigen Heald
Admins and Auditors, IT audit

It is being replaced (of course!) by the ever-so-easy to say acronym: SSAE 16. (Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization.) What a mouthful! In April of this year, the AICPA (American Institute of Certified Public...


April 20, 2010  3:26 PM

The Only Way Out is Through



Posted by: Arian Eigen Heald
Admins and Auditors, data security

Nobody "likes" government regulations. But imagine what it would be like to live without them. What if there were no banking regulations - who would check to see if my money was safe? The bank? I've worked in banks. The answer would be "no." Not without oversight. Banks have internal auditors,...


April 7, 2010  3:16 PM

A Free Tool Both Admins and Auditors Will Like



Posted by: Arian Eigen Heald
Admins and Auditors, data security, free tools, information security

For an admin, making the auditor happy is NOT the goal in life. It's to keep things running, squeeze in improvements, implement new products and do it with a work force that is always too small. For an auditor, getting information to build a complete report, with all the test information, means...


January 11, 2010  12:06 AM

Stealing VMWare Data Made “Easy”



Posted by: Arian Eigen Heald
Admins and Auditors, data security, information security, virtual

I came across an article on a sister TechTarget site for VMWARE. Its title immediately got my attention: How to steal...


December 22, 2009  7:09 PM

The Forest or The Trees – Part 2



Posted by: Arian Eigen Heald
Admins and Auditors, Tearing My Hair Out

In a previous article, I talked about the issues faced by IT Security and financial auditors, in trying to come together. Financial auditors only care about financial systems and...


December 4, 2009  10:46 PM

The Forest or The Trees; Why Can’t We Have Both?



Posted by: Arian Eigen Heald
Admins and Auditors, Tearing My Hair Out

It often seems as if IT Security and auditors will never meet in the middle. As a person with one foot in either side of the fence, I'm often amazed how two groups with fundamentally the same goals can't seem to agree. Usually, when this happens, I'm an auditor sitting with IT Security people,...


November 30, 2009  8:17 PM

Consensus Audit Controls Released – That are Actually Useful!



Posted by: Arian Eigen Heald
Admins and Auditors, Tools for Auditing and Security

If you're like me, if you see or hear about one more "set of controls," "baselines," "standards" or "frameworks," you'll tear your hair out. And scream. For my money, the


September 25, 2009  3:41 PM

Things You Can Do to Help An Investigation



Posted by: Arian Eigen Heald
Admins and Auditors, Digital Forensics, information security

Sooner or later, you will be called upon, as an Admin or an Auditor, to assist or address a possible fraud or event pertaining to someone's computer, laptop, PDA or smartphone. People can be very anxious and over-react when an event is happening. Or, just as difficult, proceed to do nothing,...

