March 6, 2008 1:42 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
SOX
I finished an IT audit not too long ago with an organization that did not have any policies. They had an employee handbook that had some declarative statements that employees signed off on during their first week on the job. They are a small company growing into a medium-sized one, and part of...
March 4, 2008 9:17 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Security,
SOX,
Tools for Auditing and Security
A comment from Dr Chuvakin reminded me of how long I've been thinking about "checkbox security." As an auditor, I am certainly familiar with checkboxes; in fact, for my firm, I've written a number of them.
When I am going...
February 29, 2008 3:37 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
Tearing My Hair Out
Visa, in conjunction with the US Chamber of Commerce, has published an alert that identifies the leading causes of data breaches. Full details can be found at the Chamber’s website. The five leading causes of card-related breaches...
February 25, 2008 6:17 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Microsoft Windows,
Security
One of the junior members on my audit team likes to rag me about how often I harp on patching at various client sites. He started out by calling me "Captain Patch," but I pointed out that I like "Kernel" much better. Why have just a nickname when you can make a really good pun with it...
February 21, 2008 3:31 AM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security
When I go out on exams to client sites, I am often amazed that I find things in bad shape - terminated users on systems, unpatched servers, holes in firewalls, secret 5 on Cisco routers... Why? Because it's not rocket science. Whether it's SOX, SAS 70 or PCI, auditors will be checking pretty...