May 1, 2008 5:16 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
Tools & Tricks of the Trade
Over the years, I've gotten used to the people I "visit" trying really hard not to make faces when I'm introduced. Nobody likes to see an auditor roll in the door. I try to make it as easy as possible, and do whatever I can to fit into the schedules of busy engineers and managers. But I've also...
April 24, 2008 9:10 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
Security Metrics
I know it's a leading question, but I think we've got to start asking ourselves where we are when it comes to information security and managing risks to our organizations.
Continuing my quest for how to measure good security, I ran across an excellent article on the Information Systems Audit and...
April 22, 2008 6:09 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Data Breaches,
IT audit,
Security,
TCM (Truly Clueless Management),
Tearing My Hair Out,
Tools for Auditing and Security
Setting up your Intrusion Detection System to send you email alerts designed by the consultants who put it in and thinking you are secure is the equivalent of wrapping a chain around the server and tossing it in when you go fishing. It will do just as much, if not more good in the lake as it will...
April 14, 2008 8:48 PM
Posted by: Arian Eigen Heald
Compliance,
DataManagement,
IT audit,
Security,
Security Metrics,
Tearing My Hair Out
I've been reading a fascinating book by Andrew Jaquith, Security Metrics - Replacing Fear, Uncertainty and Doubt. This book takes...
April 10, 2008 8:01 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Microsoft Windows,
Security,
Tearing My Hair Out
I have a nifty little .vbs script I wrote last year. I send it to the network administrators before I come on site, ask them to run it and send me the results. It tells me username, login ID, description, length of password, last login date, acct locked, etc. It also tells me when the...
April 9, 2008 3:13 AM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
Tools for Auditing and Security
One of the biggest time wasters I experience during an IT audit is having to ask an administrator to:
a. Run tools/scripts for me in order to access information
b. "Shoulder-surfing" with an admin in order to collect information/screen shots.
It's a waste of my time, since I know where to go...
March 26, 2008 11:00 AM
Posted by: Arian Eigen Heald
Compliance,
Identity theft,
IT audit,
PCI DSS,
Security
I'm going to assume that you have some baseline knowledge about the DSS, the 12 areas of coverage, different Tier Levels and other requirements for compliance. If not, visit here and bone up.
There is a lot of pro and con going on in the...
March 11, 2008 2:38 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Database security,
Identity theft,
IT audit,
Security
The year 2007 was a banner one for personal data theft, especially credit card info (think TJMaxx) and individual personal data being lost all over the place. Big and small, the number is in the millions. The Identity Theft Resource Center estimates the number of lost or stolen personal information...
March 6, 2008 1:42 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
SOX
I finished an IT audit not too long ago with an organization that did not have any policies. They had an employee handbook, that had some declarative statements that employees signed off on during their first week on the job. They are a small company growing into a medium-sized one, and part of...