August 7, 2009 3:47 PM
Posted by: Arian Eigen Heald
"How Do You Know?",
Adventures in Auditing,
Data Breaches,
Incident Response,
information security
I finally asked that deadly question: "What do your Incident Response Procedures say?" Whoops, there goes all the buddy-buddy geekiness: I have morphed into The Auditor Who Asks Questions.
"Umm, well, they pretty much say to do what we just did." I notice the vagueness of the reply,...
July 31, 2009 4:25 PM
Posted by: Arian Eigen Heald
Data Breaches,
Incident Response,
information security,
information security policy
The problem with being a "geek" is that we truly love to tinker, to fix, to improve, to test....etc. So when you announce to a bunch of us that a website on the network has been broken into, there's lots of leaping into action.
Which is exactly what you don't want to do. At all.
While...
July 15, 2009 8:47 PM
Posted by: Arian Eigen Heald
"How Do You Know?",
Digital Forensics,
Forensics,
Hardware & InfoSec,
information security
I'm attending an absolutely fascinating course on Digital Forensics provided by SANS. One of the things we will be doing is collecting data from hard drives for various practice exercises.
Imagine my amusement when the handout and appendixes recommend where to get used hard drives to practice...
June 26, 2009 2:03 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
information security,
PCI
I just finished reading an absolutely terrific article from a sister auditor who is now on my short-list of must-reads. She's got a great name (Gunn) and a killer sense of humor (sorry, I could NOT resist).
June 15, 2009 12:23 PM
Posted by: Arian Eigen Heald
HTML email security,
information security,
Privacy,
privacy on the web,
web bugs
I'm a big advocate of disabling HTML in email messages. The marketing people scream because they can't run their pretty code to sell products and convey appealing images. Other folks love being able to use those nice fonts you can't use with Rich Text for signatures.
But a pretty face can't...
June 3, 2009 3:36 PM
Posted by: Arian Eigen Heald
information security,
Privacy,
web bugs
A study just released by the University of California at Berkeley details just how much big business uses web tracking, and how little they appear to care about the privacy of users.
This really is not new information....
April 1, 2009 12:45 AM
Posted by: Arian Eigen Heald
Data Breaches,
information security,
Security Devices
How many rules do you have in your firewall? How many rules allow access directly into your network? How many rules allow ANY/ANY?
The more rules you have in your firewall rulebase, the higher your risk of allowing attackers in. I'm not talking about opening access to your webserver in the...
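The three questions above can be answered mechanically rather than by eyeballing a rulebase. The script below is an added example by the editor, not code from the original post; the five-column rule format and the sample rules are constructed for illustration, and the "direct inbound" test treats RFC 1918 space as the internal network, which is an assumption (a real audit would load the organisation's own address objects).

```python
"""Count firewall rules, ANY/ANY accepts, and accepts that land directly on
the internal network. Editor-added example; rule format and sample rules are
constructed, not exported from any product."""
import ipaddress
from dataclasses import dataclass

# Assumption: the internal network is RFC 1918 space. Replace with your own
# address objects when auditing a real rulebase.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    number: int
    action: str    # "accept" or "drop"
    src: str       # "any" or an address / CIDR
    dst: str       # "any" or an address / CIDR
    service: str   # "any" or proto/port, e.g. "tcp/443"


# Constructed sample rulebase: "<number> <action> <src> <dst> <service>".
# Rule 1 publishes a web server on a public address, rule 3 is an ANY/ANY
# accept, rule 4 is the cleanup drop, rule 6 opens an internal host to the world.
SAMPLE_RULEBASE = """\
1 accept any 203.0.113.10 tcp/443
2 accept 198.51.100.0/24 any any
3 accept any any any
4 drop any any any
5 accept 10.0.0.0/8 10.0.0.0/8 any
6 accept any 10.20.30.40 any
"""


def parse_rulebase(text):
    """Parse the five-column text format into Rule objects, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        num, action, src, dst, service = line.split()
        rules.append(Rule(int(num), action.lower(), src.lower(),
                          dst.lower(), service.lower()))
    return rules


def _is_internal(target):
    """True if the address or CIDR lies entirely inside INTERNAL_NETS."""
    if target == "any":
        return False
    net = ipaddress.ip_network(target, strict=False)
    return any(net.subnet_of(inner) for inner in INTERNAL_NETS
               if inner.version == net.version)


def is_any_any(rule):
    """An accept with unrestricted source, destination and service."""
    return (rule.action == "accept" and rule.src == "any"
            and rule.dst == "any" and rule.service == "any")


def allows_direct_inbound(rule):
    """An accept from anywhere that reaches an internal host/net (or anything).
    A rule that only reaches a public-facing server is deliberately not flagged."""
    return (rule.action == "accept" and rule.src == "any"
            and (rule.dst == "any" or _is_internal(rule.dst)))


def audit(text):
    """Answer the post's three questions for a rulebase in the text format above."""
    rules = parse_rulebase(text)
    return {
        "total": len(rules),
        "accept": sum(r.action == "accept" for r in rules),
        "any_any": [r.number for r in rules if is_any_any(r)],
        "direct_inbound": [r.number for r in rules if allows_direct_inbound(r)],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_RULEBASE).items():
        print(f"{key}: {value}")
```

On the sample rulebase the audit reports six rules, five accepts, rule 3 as ANY/ANY, and rules 3 and 6 as direct inbound paths; note that the cleanup drop (rule 4) is not flagged, and neither is the web server publication in rule 1, which is exactly the kind of rule the post says it is not complaining about.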
March 28, 2009 1:45 AM
Posted by: Arian Eigen Heald
"How Do You Know?",
information security
There are as many definitions of pentest and penetration testing as there are google search results. (Some 10,700,000 or so). The problem is, there doesn't seem to be a standard definition of what constitutes penetration testing.
As a result, there are hundreds of companies...
March 26, 2009 8:39 PM
Posted by: Arian Eigen Heald
Data Breaches,
information security
With all the publicity going on about the Heartland breach, not much attention has been paid to what happened to CheckFree last December. The event is also much more challenging to explain to the...