Sister CISA CISSP:

Compliance


March 18, 2008  6:53 PM

More on Medical Identity Theft – New California Law Requires Breach Notification



Posted by: Arian Eigen Heald
Compliance, HIPAA, Identity theft, Security

Can you tell I got behind on my hardcopy reading? I just caught Rebecca Herold's fine article in the Computer Security Alert of 2/2008 (a CSI monthly newsletter well worth getting, by the by, for the quality of the articles) concerning one of the...

March 6, 2008  1:42 PM

Security Policies: Five Basic Mistakes and Five More



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, SOX

I finished an IT audit not too long ago with an organization that did not have any policies. They had an employee handbook that had some declarative statements that employees signed off on during their first week on the job. They are a small company growing into a medium-sized one, and part of...


March 4, 2008  9:17 PM

Compliance is Only a “Gentleman’s C”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Security, SOX, Tools for Auditing and Security

A comment from Dr. Chuvakin reminded me of how long I've been thinking about "checkbox security." As an auditor, I am certainly familiar with checkboxes; in fact, for my firm, I've written a number of them. When I am going...


February 29, 2008  3:37 PM

It Makes Me Tear My Hair Out #1



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Tearing My Hair Out

Visa, in conjunction with the US Chamber of Commerce, has published an alert that identifies the leading causes of data breaches. Full details can be found at the Chamber’s website. The five leading causes of card-related breaches...


February 25, 2008  6:17 PM

Call me “Kernel” Patch



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Microsoft Windows, Security

One of the junior members on my audit team likes to rag me about how often I harp on patching at various client sites. He started out by calling me "Captain Patch," but I pointed out that I like "Kernel" much better. Why have just a nickname when you can make a really good pun with it...


February 21, 2008  3:31 AM

Security by Auditor: Don’t Make Me Do It



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security

When I go out on exams to client sites, I am often amazed that I find things in bad shape: terminated users on systems, unpatched servers, holes in firewalls, secret 5 on Cisco routers... Why? Because it's not rocket science. Whether it's SOX, SAS 70 or PCI, auditors will be checking pretty...
