Sister CISA CISSP:

Compliance


December 24, 2008  7:14 PM

Getting What You Pay For…..2008



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database security, HIPAA, IT audit, SAS 70, Security, Tearing My Hair Out

In my travels as an auditor this year, I've visited 15 states and seen approximately 20 different networks, both LAN and WAN. I've audited hospitals, lotteries, racetracks, banks, small businesses, large online retailers, metal fabricators, telco service bureaus and health care service...

December 17, 2008  4:46 PM

Nobody is “Too Small” to Get Hacked



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Identity theft, Security

It's been an interesting week in "Breachland," with reports of breaches in all sorts of places: eyewear companies,


November 27, 2008  2:40 AM

Where The Thieves Are



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Identity theft, Security

The core requirements for committing the kind of data theft that leads to identity theft are ability, motivation and opportunity. Ability means having the skills to do the actions required. Start-up costs for data theft are low, with information readily available, computer...


November 25, 2008  2:57 PM

Data Breaches and Business Liability Part I



Posted by: Arian Eigen Heald
Compliance, Data Breaches, HIPAA, Identity theft, IT audit, PCI DSS, Security

The most significant financial impact of identity theft has yet to be examined. I believe that the risks to business and other institutions now include legal, reputation, financial and compliance risks that cannot be transferred. Victims of identity theft are looking to recoup their financial...


November 17, 2008  9:42 PM

Educating Users (Yes, I Know….)



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT audit, Security

I can hear the collective eye-rolling from here. But guess what! New federal regulations are requiring security education from organizations as part of compliance: SEC regulations for financial institutions http://www.sec.gov/index.htm...



October 6, 2008  8:19 PM

Auditing iSeries



Posted by: Arian Eigen Heald
Admins and Auditors, AS/400, Compliance, IT audit, Security, Tools & Tricks of the Trade, Tools for Auditing and Security

IBM's System iSeries servers are some of the most solid server systems around. Formerly known as the AS400 (and still called that by some), those servers are at the top of the food chain for reliability and stability. DB2, the native database system for iSeries, is as solid as a rock, and powers many of the banking,...


October 2, 2008  7:39 PM

Security is a State of Mind



Posted by: Arian Eigen Heald
Compliance, Security, Tearing My Hair Out

An interesting new study commissioned by Cisco has just been released: CISCO Study. The study focused on the behavior of people in...


September 24, 2008  5:36 PM

FREE Tool – Changing Local Administrator Passwords On Your Domain



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, free tools, IT audit, Security, Tools & Tricks of the Trade, Tools for Auditing and Security

I just love VBS. And I love the folks that share their tools, AND give us a nice interface AND allow us to push a report to a .csv file. So a BIG thank-you should go out to Jeffrey Hicks, who has his own site, and a helpful


September 19, 2008  7:37 PM

Auditing MS SQL – Roles, and Why They Matter



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, Development, IT audit, Microsoft Windows, Security, SQL Server, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

SQL "Server" runs on top of MS Windows, and it has groups inside of it that are not seen on the Windows server or even the Windows Domain. That's why we have to check and make sure that inappropriate users don't have complete access to everything inside the database. Not everyone should be...


September 16, 2008  5:58 PM

FREE Tools for Auditing MS SQL Server



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, free tools, IT audit, Microsoft Windows, PCI DSS, Security, SOX, SQL Server, Steps to an Easy Audit, Tools for Auditing and Security

There are a lot of really nice application tools to audit SQL databases out there. They have lots of bells and whistles and write out a really nice report with professional formatting. If you've got one of those, LUCKY YOU. But most of us Admins and Auditors have to scrounge for what we can find...

