Sister CISA CISSP:

DataCenter


November 5, 2008  12:01 AM

Still Up in the Cloud(s)



Posted by: Arian Eigen Heald
DataCenter, DataManagement, Security

Per my previous post, it seems that there is suddenly a lot of discussion in the security blogosphere about cloud computing and the security (or lack) thereof. Seems a number of people have taken note of Microsoft's entry (Azure) into Data Center business development. A lot of really good questions...

October 23, 2008  4:41 PM

Physical Security Part II



Posted by: Arian Eigen Heald
Admins and Auditors, DataCenter, Hardware & InfoSec, Security, Tools for Auditing and Security

The most secure Data Centers I've seen utilize electronic access cards of some type that have a good reporting mechanism, right down to which door. Of course, these systems don't do you a bit of good if no one looks at the logs, but that seems to be the exception, rather than the rule. Thank...


October 20, 2008  1:06 AM

Let’s Get Physical



Posted by: Arian Eigen Heald
Admins and Auditors, DataCenter, IT audit, Security, Tools & Tricks of the Trade

When I do an audit, or a penetration test, I start by walking around the building, both inside, outside, and sometimes even on the roof. In my travels, I'll leave my business card where I can gain unauthorized access. How often am I successful? 95% of the time. I mentally catalog the exterior...


July 29, 2008  11:16 AM

What NOT to call SAS 70 Reports



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, DataCenter, SAS 70, Security, SOX, Start Laughing Now

I ran across the new website "securityidiot.com" in my travels, and was reminded that it is so important to be able to laugh at yourself (and others!). It's so easy to turn a Bad Idea into Bad Technology, these days. Or worse, another new acronym. You should especially check out the rant on


July 7, 2008  11:38 PM

SAS 70 Reports – Why Should You Want One?



Posted by: Arian Eigen Heald
Compliance, DataCenter, IT audit, SAS 70, Security, Security Metrics, SOX

There seems to be a lot of misinformation about what a SAS 70 report is - just today I came across a post that referenced being "SAS 70 - compliant." There is no such thing. There is no pass/fail aspect to a SAS 70 because the Control Objectives and Control Procedures are designed by...

