Sister CISA CISSP:

Admins and Auditors


August 30, 2009  12:46 AM

Securing ALL Your Web Services



Posted by: Arian Eigen Heald
Admins and Auditors, information security, Tools for Auditing and Security

A number of commentators, notably IBM's Kris Lamb, have reported that malicious code is no longer limited, for the most part, to p0rn and other sleazy websites. Hackers are targeting the...

August 20, 2009  3:42 PM

Points to Ponder: Reviewing the “SoupNazi” Activities



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, information security, PCI

By now I'm sure you've heard that Albert Gonzalez is being charged with the attacks on Hannaford, Heartland, 7-Eleven, etc. In between all the excited reporting, are some points that admins and auditors ought to pay attention to. We ought to ponder how this attack is different from attacks in the...


August 17, 2009  7:20 PM

Blaming the Auditor for Bad Security



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT Compliance - Policies, TCM (Truly Clueless Management)

Heartland Security has attempted to point the "Public Finger of Blame" at the hapless QSA auditor they used for PCI compliance, saying that the "QSA let us down." So who is in charge of security, Heartland or the auditor? Security is a corporate posture, not a pass/fail compliance test. You can...


July 24, 2009  3:26 PM

Adventures in Auditing #3, or “Why Do you Need to See That?”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT Compliance - Policies, IT Security

It always pains me when I get this question from a client's IT staff. It usually means that auditing has never penetrated to that level, and people are used to doing pretty much what they please around the network. It usually goes with: "This is a development shop. Those are not production...


July 13, 2009  5:27 PM

Adventures in Auditing #1



Posted by: Arian Eigen Heald
Admins and Auditors, Adventures in Auditing, Compliance, Wireless

I'm still amazed that folks are going about their business believing that bad things won't happen. Is it human nature? I thought I'd share with you some of my latest adventures in traveling about and auditing various companies. Just when I think it's strange, it gets stranger. I was doing an...


June 26, 2009  2:03 PM

The Tangled Ethics of the Payment Card Industry DSS



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, information security, PCI

I just finished reading an absolutely terrific article from a sister auditor who is now on my short-list of must-reads. She's got a great name (Gunn) and a killer sense of humor (sorry, I could NOT resist).


June 11, 2009  2:50 PM

Storm Clouds Ahead



Posted by: Arian Eigen Heald
Admins and Auditors, cloud computing, Cloud Security, PCI, Privacy

It seems like every big vendor is pushing for business to "use the cloud." Only now are we starting to see some questions arise in the general media about how secure cloud computing is. The short answer is: it's not. Intrinsically, whoever has physical ownership of your hardware has your data....


May 23, 2009  10:25 AM

When a Control is NOT a Control or, “It’s Good Enough”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Steps to an Easy Audit

I run into an awful lot of engineers who hate paperwork (I feel the same way.) They are busy fixing problems, building new application support and dealing with upper managers who have no idea what they're asking for, clueless users and now I come along to top it off asking for a bunch of...


May 18, 2009  3:08 PM

Looking for Some Good (and FREE!) IT Policy Templates?



Posted by: Arian Eigen Heald
Admins and Auditors, free tools, information security policy, IT Compliance - Policies, security policies, Tools & Tricks of the Trade, Tools for Auditing and Security

Thanks to an email, I've come across a great website to offer you when it's time to go looking for some good policy templates. SANS, the be-all end-all of security training, has organized a website that offers us


May 12, 2009  9:46 AM

Security Maxims to Live By



Posted by: Arian Eigen Heald
Admins and Auditors, Eigen's Rules of Thumb, Start Laughing Now, TCM (Truly Clueless Management)

I happened across the Vulnerability Assessment Team website of the Argonne National Laboratory. The Security Manager there has a great sense of humor, and has devised some security maxims much like my

