Sister CISA CISSP:

Compliance


July 1, 2008  3:08 PM

Making Software Developers Clean Up Their Act



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Database, Database security, Development, IT audit, Security, Tools & Tricks of the Trade

In the course of many audits and pentests, I can't tell you how many times I have found flaws and openings based on bad development practices. It's downright painful. And yet software keeps coming out with the same problems. I know WHY this is happening, but I can't stop it. YOU can. Have...

June 19, 2008  1:03 PM

Verizon Four Year Study on Data Breaches – Well Worth Reading



Posted by: Arian Eigen Heald
Compliance, Data Breaches, Identity theft, Security

A Boston Globe article caught my eye. Although it's not news to me (or probably you), here is more than anecdotal evidence that many medium and small businesses are still not making...


June 12, 2008  7:18 PM

SAS 70 Reports – Are They Worthwhile?



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, SAS 70

I noticed a recent post on the boards questioning the value of SAS 70 Reports. Given that I do about 15 a year, I thought I'd venture an answer to that question. First, it's important to understand what a SAS 70 is NOT: It's not a checklist; It's not a certification; It's not a...


June 3, 2008  3:01 PM

Eigen’s 2008 InfoSecurity “Rules of Thumb”



Posted by: Arian Eigen Heald
Compliance, Eigen's Rules of Thumb, IT audit, Security, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

Rule #1 - You can pay now, or you can pay later, but if you choose to pay later, you will pay MORE. Rule #2 - You can outsource function, but you cannot outsource...



May 29, 2008  1:44 PM

Firewalls Part IV – Quis custodiet ipsos custodes?



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Security Devices, Steps to an Easy Audit, Tools & Tricks of the Trade

Who guards the guardians? Good IT governance mandates oversight of all IT functions. The firewall tends to be neglected, because it appears to be such a back-office function that only engineers or admins actually see and work on. However, it is one of the most critical pieces of the IT...


May 26, 2008  12:05 PM

It’s Not Your Mother’s Firewall Anymore – Part III



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Security Devices, Steps to an Easy Audit

When all is said and done, configuring a firewall comes down to creating a set of rules. Firewalls are bi-directional - they control traffic going out (outbound) to the Internet (or the DMZ) and they control traffic coming in (inbound) to the network or the DMZ. You are configuring for WHO,...


May 23, 2008  12:20 AM

It’s Not Your Mother’s Firewall Anymore – Part I



Posted by: Arian Eigen Heald
Compliance, Eigen's Rules of Thumb, IT audit, Networking, Security, Security Devices

In the northern part of Maine (north of Portland, where I live), folks go about their business without locking their doors, or even leave their cars running while they go into the store. (When it's -10 degrees, it's good to have the car run a little more.) This describes the fundamental trust the...


May 15, 2008  5:54 PM

Steps to an Easy Audit (3) – Compensating Controls



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database security, IT audit, PCI DSS, Security, SOX, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

These two magic words should be in every network manager and system engineer's lexicon. It's your get-out-of-jail (not necessarily free) card with an IT Auditor. Every IT shop has an application, a device, a configuration that breaks good security rules and usually corporate policy, as well. ...


May 13, 2008  4:38 PM

Steps to an Easy Audit (2) – Where’s the Beef, ah, I mean, Data?



Posted by: Arian Eigen Heald
Compliance, Database, Database security, IT audit, PCI DSS, Security, SQL Server, Steps to an Easy Audit

Remember that commercial (I'm dating myself, I know) where the little old lady lifts the top of the burger bun and says, "Where's the beef?" All things considered, we have to ask the same sorts of questions about data. Usually we're...


May 8, 2008  3:21 PM

Steps to an Easy Audit: Standardizing Patch Management



Posted by: Arian Eigen Heald
Compliance, IT audit, Security, Steps to an Easy Audit, Tools for Auditing and Security

Many of my clients ask me what is the best way to deal with applications and operating systems that need to be patched frequently (like Microsoft’s monthly “Patch Tuesday”). Industry best practices have emerged in some simple steps that can work in almost any size organization: 1. ...

