Compliance


May 5, 2008  8:52 PM

Five Myths About Compliance



Posted by: Arian Eigen Heald
Compliance, Data Breaches, Security, Security Metrics

Compliance: The state of conformity of a regulated party (including a corporation, institution, individual or other legal entity) with a legislative or regulatory requirement or a recognized standard.

1. If we’re compliant, that means we’re secure. Would that...

May 1, 2008  5:16 PM

Tips for Admins: How (NOT) to Have a Good IT Audit



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Tools & Tricks of the Trade

Over the years, I've gotten used to the people I "visit" trying really hard not to make faces when I'm introduced. Nobody likes to see an auditor roll in the door. I try to make it as easy as possible, and whatever I can to fit into the schedules of busy engineers and managers. But I've also...


April 24, 2008  9:10 PM

How Mature Are You?



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Security Metrics

I know it's a leading question, but I think we've got to start asking ourselves where we are when it comes to information security and managing risks to our organizations. Continuing my quest for how to measure good security, I ran across an excellent article on the Information Systems Audit and...


April 22, 2008  6:09 PM

Using Your IDS as a Boat Anchor



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT audit, Security, TCM (Truly Clueless Management), Tearing My Hair Out, Tools for Auditing and Security

Setting up your Intrusion Detection System to send you email alerts designed by the consultants who put it in and thinking you are secure is the equivalent of wrapping a chain around the server and tossing it in when you go fishing. It will do just as much, if not more good in the lake as it will...


April 14, 2008  8:48 PM

Yes, We Have No Bananas



Posted by: Arian Eigen Heald
Compliance, DataManagement, IT audit, Security, Security Metrics, Tearing My Hair Out

I've been reading a fascinating book by Andrew Jaquith, Security Metrics - Replacing Fear, Uncertainty and Doubt. This book takes...


April 10, 2008  8:01 PM

Dear Network Administrator – Please Change Your Password Like Everyone Else!



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Microsoft Windows, Security, Tearing My Hair Out

I have a nifty little .vbs script I wrote last year. I send it to the network administrators before I come on site, ask them to run it and send me the results. It tells me username, login ID, description, length of password, last login date, acct locked, etc. It also tells me when the...
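The .vbs script the post describes is not reproduced on the page. As an added example (my PowerShell, not the author's script), the block below collects the same sort of facts for every domain account from Active Directory, computes password age, and flags the hygiene problems an auditor would chase first: passwords that never expire, passwords older than a threshold, accounts that never set one, and privileged accounts among them. It assumes a domain-joined host with the RSAT ActiveDirectory module, read access to the domain, and an audit threshold of 90 days; the threshold and the output path are my assumptions, not values from the post.

```powershell
# Added example, not the author's .vbs script. Assumes the RSAT ActiveDirectory
# module and read access to the domain. $MaxPasswordAgeDays (90) and $OutFile are
# assumed audit parameters, not values taken from the post.
param(
    [int]$MaxPasswordAgeDays = 90,
    [string]$OutFile = ".\account-audit.csv"
)

Import-Module ActiveDirectory -ErrorAction Stop
$now = Get-Date

# Attributes beyond Get-ADUser's default set must be requested explicitly.
$props = @('Description', 'PasswordLastSet', 'LastLogonDate', 'LockedOut',
           'PasswordNeverExpires', 'PasswordNotRequired', 'Enabled', 'MemberOf')

$report = Get-ADUser -Filter * -Properties $props | ForEach-Object {
    $user   = $_
    $groups = @($user.MemberOf)   # distinguished names of direct group memberships only

    # Password age in whole days; $null when pwdLastSet was never populated.
    $pwAge = if ($user.PasswordLastSet) { [int]($now - $user.PasswordLastSet).TotalDays } else { $null }

    # Direct membership in the usual privileged groups. Nested membership is not
    # resolved here; use Get-ADGroupMember -Recursive for that.
    $privileged = ($groups | Where-Object {
        $_ -match '^CN=(Domain Admins|Enterprise Admins|Schema Admins|Administrators),' }).Count -gt 0

    $findings = @()
    if ($user.PasswordNeverExpires) { $findings += 'PasswordNeverExpires' }
    if ($user.PasswordNotRequired)  { $findings += 'PasswordNotRequired' }
    if ($null -eq $pwAge)           { $findings += 'PasswordNeverSet' }
    elseif ($pwAge -gt $MaxPasswordAgeDays) { $findings += "PasswordAgeOver$MaxPasswordAgeDays" }
    # LastLogonDate is derived from lastLogonTimestamp, which replicates lazily
    # and can lag the real last logon by up to 14 days; treat it as approximate.
    if ($user.Enabled -and $user.LastLogonDate -and
        ($now - $user.LastLogonDate).TotalDays -gt $MaxPasswordAgeDays) { $findings += 'StaleLogon' }

    [pscustomobject]@{
        SamAccountName       = $user.SamAccountName
        Name                 = $user.Name
        Description          = $user.Description
        Enabled              = $user.Enabled
        LockedOut            = $user.LockedOut
        PasswordLastSet      = $user.PasswordLastSet
        PasswordAgeDays      = $pwAge
        PasswordNeverExpires = $user.PasswordNeverExpires
        PasswordNotRequired  = $user.PasswordNotRequired
        LastLogonDate        = $user.LastLogonDate
        PrivilegedGroup      = $privileged
        Findings             = ($findings -join ';')
    }
}

# Full export for the auditor, then a console summary of privileged accounts with findings.
$report | Export-Csv -Path $OutFile -NoTypeInformation
$report | Where-Object { $_.PrivilegedGroup -and $_.Findings } |
    Sort-Object PasswordAgeDays -Descending |
    Format-Table SamAccountName, PasswordAgeDays, PasswordNeverExpires, LastLogonDate, Findings -AutoSize
```

Run it as a domain user with read access (no admin rights are needed to read these attributes) and send the CSV on; the console table is the list the post's title is about, the administrators whose own passwords have outlived the policy everyone else is held to.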


April 9, 2008  3:13 AM

Time for an “Auditor” Admin-level ID or the End of Auditor Shoulder-Surfing



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Tools for Auditing and Security

One of the biggest time wasters I experience during an IT audit is having to ask an administrator to:

a. Run tools/scripts for me in order to access information
b. "Shoulder-surf" with an admin in order to collect information/screen shots.

It's a waste of my time, since I know where to go...


April 4, 2008  4:44 PM

There’s a BIG Difference Between Hannaford and TJMaxx



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, PCI DSS, Security, Wireless

One of my readers has commented about how badly Hannaford and TJMaxx have been treated by the media and Internet commentary because of their data breaches. From my perspective, concerning the data breaches, I can only speak as an auditor and an engineer, not having been inside either company's...


March 26, 2008  11:00 AM

Let’s Talk About PCI (Payment Card Industry) DSS (Data Security Standards)



Posted by: Arian Eigen Heald
Compliance, Identity theft, IT audit, PCI DSS, Security

I'm going to assume that you have some baseline knowledge about the DSS, the 12 areas of coverage, different Tier Levels and other requirements for compliance. If not, visit here and bone up. There is a lot of pro and con going on in the...


March 25, 2008  11:03 AM

“Synthetic” Identity Theft Part 2



Posted by: Arian Eigen Heald
Compliance, Database, DataManagement, Security

In Part 1, I discussed what "synthetic" identity is, and why it is not easily discovered. The primary problem (in addition to all the other ones!) is the algorithms that allow for variance in the credit reporting agencies. The folks at ID...


