Sister CISA CISSP:

IT audit


May 8, 2008  3:21 PM

Steps to an Easy Audit: Standardizing Patch Management



Posted by: Arian Eigen Heald
Compliance, IT audit, Security, Steps to an Easy Audit, Tools for Auditing and Security

Many of my clients ask me what the best way is to deal with applications and operating systems that need to be patched frequently (like Microsoft's monthly "Patch Tuesday"). Industry best practice has settled on a few simple steps that work in almost any size of organization: 1. ...

May 1, 2008  5:16 PM

Tips for Admins: How (NOT) to Have a Good IT Audit



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Tools & Tricks of the Trade

Over the years, I've gotten used to the people I "visit" trying really hard not to make faces when I'm introduced. Nobody likes to see an auditor roll in the door. I try to make it as easy as possible, and do whatever I can to fit into the schedules of busy engineers and managers. But I've also...


April 24, 2008  9:10 PM

How Mature Are You?



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Security Metrics

I know it's a leading question, but I think we've got to start asking ourselves where we are when it comes to information security and managing risks to our organizations. Continuing my quest for how to measure good security, I ran across an excellent article on the Information Systems Audit and...


April 22, 2008  6:09 PM

Using Your IDS as a Boat Anchor



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT audit, Security, TCM (Truly Clueless Management), Tearing My Hair Out, Tools for Auditing and Security

Setting up your Intrusion Detection System to send you the email alerts designed by the consultants who installed it, and then thinking you are secure, is the equivalent of wrapping a chain around the server and tossing it in when you go fishing. It will do just as much good in the lake, if not more, as it will...


April 14, 2008  8:48 PM

Yes, We Have No Bananas



Posted by: Arian Eigen Heald
Compliance, DataManagement, IT audit, Security, Security Metrics, Tearing My Hair Out

I've been reading a fascinating book by Andrew Jaquith, Security Metrics: Replacing Fear, Uncertainty, and Doubt. This book takes...


April 10, 2008  8:01 PM

Dear Network Administrator – Please Change Your Password Like Everyone Else!



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Microsoft Windows, Security, Tearing My Hair Out

I have a nifty little .vbs script I wrote last year. I send it to the network administrators before I come on site, ask them to run it and send me the results. It tells me username, login ID, description, length of password, last login date, acct locked, etc. It also tells me when the...
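The same account inventory the post describes, written here as an added PowerShell example rather than the author's own .vbs script. It assumes a domain-joined host with the ActiveDirectory module (RSAT) installed; the 90-day password-age threshold, the list of privileged groups, and the output file name are assumptions for illustration, not values from the post. Beyond the listing, it flags the case the post's title complains about: accounts in administrative groups whose passwords never expire or have not been changed in a long time.

```powershell
# Added example (not the author's VBS script): collect the per-account attributes
# the post lists (name, login ID, description, password age, last logon, lockout
# state) from Active Directory and flag stale or never-expiring passwords,
# especially on accounts in privileged groups.
# Assumptions: ActiveDirectory module available; thresholds and file name are
# illustrative.
Import-Module ActiveDirectory

$MaxPasswordAgeDays = 90                      # assumed policy threshold
$PrivilegedGroups   = 'Domain Admins', 'Enterprise Admins', 'Administrators', 'Schema Admins'
$Now                = Get-Date

$Props = 'SamAccountName', 'DisplayName', 'Description', 'PasswordLastSet',
         'LastLogonDate', 'LockedOut', 'PasswordNeverExpires', 'Enabled', 'MemberOf'

$Report = foreach ($u in Get-ADUser -Filter * -Properties $Props) {

    # Password age in days; $null when the password has never been set.
    $pwdAgeDays = if ($u.PasswordLastSet) { ($Now - $u.PasswordLastSet).Days } else { $null }

    # MemberOf lists direct group memberships only; nested membership would need
    # Get-ADPrincipalGroupMembership or a recursive lookup. Kept direct here.
    $groupNames   = @($u.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' })
    $isPrivileged = [bool]($groupNames | Where-Object { $PrivilegedGroups -contains $_ })

    # One finding per account, in order of severity.
    $finding = if ($u.PasswordNeverExpires)            { 'Password set to never expire' }
               elseif ($null -eq $pwdAgeDays)          { 'Password never set' }
               elseif ($pwdAgeDays -gt $MaxPasswordAgeDays) { "Password older than $MaxPasswordAgeDays days" }
               else                                    { '' }

    [pscustomobject]@{
        Username             = $u.DisplayName
        LoginID              = $u.SamAccountName
        Description          = $u.Description
        PasswordLastSet      = $u.PasswordLastSet
        PasswordAgeDays      = $pwdAgeDays
        LastLogonDate        = $u.LastLogonDate
        AccountLocked        = $u.LockedOut
        Enabled              = $u.Enabled
        PasswordNeverExpires = $u.PasswordNeverExpires
        PrivilegedGroups     = ($groupNames | Where-Object { $PrivilegedGroups -contains $_ }) -join ';'
        IsPrivileged         = $isPrivileged
        Finding              = $finding
    }
}

# Full inventory for the auditor's working papers (file name assumed).
$Report | Export-Csv -Path '.\ad-account-audit.csv' -NoTypeInformation

# The part the post is really about: enabled administrative accounts that are
# exempt from, or ignoring, the password-change policy everyone else follows.
$Report |
    Where-Object { $_.Enabled -and $_.IsPrivileged -and $_.Finding } |
    Sort-Object PasswordAgeDays -Descending |
    Format-Table LoginID, PrivilegedGroups, PasswordAgeDays, PasswordNeverExpires, Finding -AutoSize
```

Run it under an account that can read user objects (any domain user can read these attributes by default; LockedOut needs no extra rights). Note that PasswordLastSet is the domain's view of when the password was last changed, so a service account whose password was "changed" by resetting it to the same value will still look fresh; the script cannot detect that, only the policy exemptions and the dates.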


April 9, 2008  3:13 AM

Time for an “Auditor” Admin-level ID or the End of Auditor Shoulder-Surfing



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Tools for Auditing and Security

One of the biggest time wasters I experience during an IT audit is having to ask an administrator to: a. run tools/scripts for me in order to access information; b. "shoulder-surf" with an admin in order to collect information/screen shots. It's a waste of my time, since I know where to go...


March 26, 2008  11:00 AM

Let’s Talk About PCI (Payment Card Industry) DSS (Data Security Standards)



Posted by: Arian Eigen Heald
Compliance, Identity theft, IT audit, PCI DSS, Security

I'm going to assume that you have some baseline knowledge about the DSS, the 12 areas of coverage, different Tier Levels and other requirements for compliance. If not, visit here and bone up. There is a lot of pro and con going on in the...


March 11, 2008  2:38 PM

Identity Theft: A BIG issue for IT Auditors and DBAs



Posted by: Arian Eigen Heald
Admins and Auditors, Database security, Identity theft, IT audit, Security

The year 2007 was a banner one for personal data theft, especially credit card info (think TJMaxx) and individual personal data being lost all over the place. Big and small, the number is in the millions. The Identity Theft Resource Center estimates the number of lost or stolen personal information...


March 6, 2008  1:42 PM

Security Policies: Five Basic Mistakes and Five More



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, SOX

I finished an IT audit not too long ago with an organization that did not have any policies. They had an employee handbook that contained some declarative statements employees signed off on during their first week on the job. They are a small company growing into a medium-sized one, and part of...

