Sister CISA CISSP:

IMAP4


March 26, 2008  11:00 AM

Let’s Talk About PCI (Payment Card Industry) DSS (Data Security Standards)

Arian Eigen Heald

I'm going to assume that you have some baseline knowledge about the DSS, the 12 areas of coverage, different Tier Levels and other requirements for compliance. If not, visit here and bone up. There is a lot of pro and con going on in the...

March 25, 2008  11:03 AM

“Synthetic” Identity Theft Part 2

Arian Eigen Heald

In Part 1, I discussed what "synthetic" identity is, and why it is not easily discovered. The primary problem (in addition to all the other ones!) is the algorithms that allow for variance in the credit reporting agencies. The folks at ID...



March 20, 2008  5:33 PM

“Synthetic” Identity Theft Part 1

Arian Eigen Heald

Most of the current options for addressing identity theft focus on the individual victim. We use credit freezes, fraud reports to the FTC, free credit reports and credit monitoring. But if "pieces" of my information were stolen, how would I know? My address, perhaps, or my birth date? Or one...


March 18, 2008  6:53 PM

More on Medical Identity Theft – New California Law Requires Breach Notification

Arian Eigen Heald

Can you tell I got behind on my hardcopy reading? I just caught Rebecca Herold's fine article in the Computer Security Alert of 2/2008 (a CSI monthly newsletter well worth getting, by the bye, for the quality of the articles) concerning one of the...


March 13, 2008  8:26 PM

“Medical” Identity Theft – New (to me) and Scary

Arian Eigen Heald

A recent story in Government Technology magazine educated me on exactly what "medical identity theft" is and what the risks are. Although the article focused on Medicaid and Medicare fraud, the statistics and risks made for scary reading. And it...


March 11, 2008  2:38 PM

Identity Theft: A BIG issue for IT Auditors and DBAs

Arian Eigen Heald

The year 2007 was a banner one for personal data theft, especially credit card info (think TJMaxx) and individual personal data being lost all over the place. Big and small, the number is in the millions. The Identity Theft Resource Center estimates the number of lost or stolen personal information...


March 6, 2008  1:42 PM

Security Policies: Five Basic Mistakes and Five More

Arian Eigen Heald

I finished an IT audit not too long ago with an organization that did not have any policies. They had an employee handbook that had some declarative statements that employees signed off on during their first week on the job. They are a small company growing into a medium-sized one, and part of...


March 4, 2008  9:17 PM

Compliance is Only a “Gentleman’s C”

Arian Eigen Heald

A comment from Dr Chuvakin reminded me of how long I've been thinking about "checkbox security." As an auditor, I am certainly familiar with checkboxes; in fact, for my firm, I've written a number of them. When I am going...


February 21, 2008  3:31 AM

Security by Auditor: Don’t Make Me Do It

Arian Eigen Heald

When I go out on exams to client sites, I am often amazed that I find things in bad shape - terminated users on systems, unpatched servers, holes in firewalls, secret 5 on Cisco routers... Why? Because it's not rocket science. Whether it's SOX, SAS 70 or PCI, auditors will be checking pretty...


February 15, 2008  8:24 PM

What Makes a Good IT Auditor?

Arian Eigen Heald

I had a great discussion today with the head of auditing for a regional bank. He talked about the need for IT Auditors to understand the systems they were auditing. But how much knowledge of technical environments should an IT Auditor have? Quick answer: As much as possible. I have...

