Securing ALL Your Web Services
Posted by: Arian Eigen Heald
A number of commentators, notably IBM's Kris Lamb, have reported that malicious code is no longer limited, for the most part, to p0rn and other sleazy websites. Hackers are targeting the...
By now I'm sure you've heard that Albert Gonzalez is being charged with the attacks on Hannaford, Heartland, 7-Eleven, etc. In between all the excited reporting are some points that admins and auditors ought to pay attention to. We ought to ponder how this attack is different from attacks in the...
Heartland Security has attempted to point the "Public Finger of Blame" at the hapless QSA auditor they used for PCI compliance, saying that the "QSA let us down." So who is in charge of security, Heartland or the auditor? Security is a corporate posture, not a pass/fail compliance test. You can...
It always pains me when I get this question from a client's IT staff. It usually means that auditing has never penetrated to that level, and people are used to doing pretty much what they please around the network. It usually goes with: "This is a development shop. Those are not production...
I'm still amazed that folks are going about their business believing that bad things won't happen. Is it human nature? I thought I'd share with you some of my latest adventures in traveling about and auditing various companies. Just when I think it's strange, it gets stranger. I was doing an...
I just finished reading an absolutely terrific article from a sister auditor who is now on my short-list of must-reads. She's got a great name (Gunn) and a killer sense of humor (sorry, I could NOT resist).
It seems like every big vendor is pushing for business to "use the cloud." Only now are we starting to see some questions arise in the general media about how secure cloud computing is. The short answer is: it's not. Intrinsically, whoever has physical ownership of your hardware has your data....
I run into an awful lot of engineers who hate paperwork (I feel the same way.) They are busy fixing problems, building new application support and dealing with upper managers who have no idea what they're asking for, clueless users and now I come along to top it off asking for a bunch of...
Thanks to an email, I've come across a great website to offer you when it's time to go looking for some good policy templates.
SANS, the be-all end-all of security training, has organized a website that offers us
I happened across the Vulnerability Assessment Team website of the Argonne National Laboratory. The Security Manager there has a great sense of humor, and has devised some security maxims much like my
