Sister CISA CISSP:

IT Compliance – Policies


August 17, 2009  7:20 PM

Blaming the Auditor for Bad Security



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT Compliance - Policies, TCM (Truly Clueless Management)

Heartland Security has attempted to point the "Public Finger of Blame" at the hapless QSA auditor they used for PCI compliance, saying that the "QSA let us down." So who is in charge of security, Heartland or the auditor? Security is a corporate posture, not a pass/fail compliance test. You can...

July 24, 2009  3:26 PM

Adventures in Auditing #3, or “Why Do you Need to See That?”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT Compliance - Policies, IT Security

It always pains me when I get this question from a client's IT staff. It usually means that auditing has never penetrated to that level, and people are used to doing pretty much what they please around the network. It usually goes with: "This is a development shop. Those are not production...


May 18, 2009  3:08 PM

Looking for Some Good (and FREE!) IT Policy Templates?



Posted by: Arian Eigen Heald
Admins and Auditors, free tools, information security policy, IT Compliance - Policies, security policies, Tools & Tricks of the Trade, Tools for Auditing and Security

Thanks to an email, I've come across a great website to offer you when it's time to go looking for some good policy templates. SANS, the be-all end-all of security training, has organized a website that offers us

