October 23, 2008 4:41 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
DataCenter,
Hardware & InfoSec,
Security,
Tools for Auditing and Security
The most secure Data Centers I've seen utilize electronic access cards of some type that have a good reporting mechanism, right down to which door. Of course, these systems don't do you a bit of good if no one looks at the logs, but that seems to be the exception, rather than the rule. Thank...
October 20, 2008 1:06 AM
Posted by: Arian Eigen Heald
Admins and Auditors,
DataCenter,
IT audit,
Security,
Tools & Tricks of the Trade
When I do an audit, or a penetration test, I start by walking around the building, both inside, outside, and sometimes even on the roof. In my travels, I'll leave my business card where I can gain unauthorized access. How often am I successful? 95% of the time.
I mentally catalog the exterior...
July 29, 2008 11:16 AM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
DataCenter,
SAS 70,
Security,
SOX,
Start Laughing Now
I ran across the new website "securityidiot.com" in my travels, and was reminded that it is so important to be able to laugh at yourself (and others!). It's so easy to turn a Bad Idea into Bad Technology, these days. Or worse, another new acronym.
You should especially check out the rant on
July 7, 2008 11:38 PM
Posted by: Arian Eigen Heald
Compliance,
DataCenter,
IT audit,
SAS 70,
Security,
Security Metrics,
SOX
There seems to be a lot of misinformation about what a SAS 70 report is - just today I came across a post that referenced being "SAS 70 - compliant." There is no such thing. There is no pass/fail aspect to a SAS 70 because the Control Objectives and Control Procedures are designed by...