Sister CISA CISSP:

August 31, 2010  6:23 PM

From the Council of Gov’t CIOs to the Feds: Address the Risks of Cloud Computing



Posted by: Arian Eigen Heald
cloud computing, Cloud Security, Data Center, information security, Privacy, privacy on the web

Last week the Chief Information Officers Council, a government body established by legislation in 1996, issued a Privacy Recommendations Paper to all government departments and agencies. So this paper carries a little extra...

August 26, 2010  1:33 AM

Smart Phone Photographs Can Expose Much More than The Picture



Posted by: Arian Eigen Heald
data security, Privacy, privacy on the web

Would you publish a digital photograph from your smart phone on the Internet if it could tell everyone where you lived, or where you were when you took it? Unless GPS capability is specifically turned off (for phones that have it - think iPhone, Palm and Blackberry) photographs that are posted...


August 20, 2010  8:34 PM

Myths About Reputation Risk



Posted by: Arian Eigen Heald
Data Breaches, data security, Privacy

I received some entertaining feedback on my previous blog, so I thought I'd share some of the comments I've heard over the last few years about business reputations: 1. "My data is outsourced (hosted, in the cloud, etc) at a third party company. If they lose my data, or get broken into, it's...


June 25, 2010  5:11 PM

A Freebie for Auditing Your Web Application for SQL flaws



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, free tools, SQL Injection

I ran across a mention of this tool in a SANS newsbite. Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL...


June 21, 2010  7:56 PM

SAS 70, SSAE 16, What’s in a Website Name?



Posted by: Arian Eigen Heald
Admins and Auditors, IT audit

Some dozen websites have the words "SAS 70" as part, or all of, their domain name on the web. Given the departure of the SAS 70 audit by 2011, I commented recently that they must not be having any fun. An anonymous reader ("CPA") wrote in to chastise me, to wit: Does anyone think that......


June 18, 2010  9:16 PM

The SAS 70 is Going Away – But…



Posted by: Arian Eigen Heald
Admins and Auditors, IT audit

It is being replaced (of course!) by the ever-so-easy-to-say acronym: SSAE 16. (Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization.) What a mouthful! In April of this year, the AICPA (American Institute of Certified Public...


June 14, 2010  3:42 PM

Where IS the Data, Exactly?



Posted by: Arian Eigen Heald
Adventures in Auditing, cloud computing, Cloud Security, data security

After a nice vacation in the north woods of Maine, I returned to the excitement of my first "cloud computing" audit event. In doing a SAS 70 for a client, I discovered that they had outsourced a new application. No news there. When data is hosted by the provider, along with the application, all...


May 21, 2010  3:18 PM

First Dance in the Cloud



Posted by: Arian Eigen Heald
cloud computing, Cloud Security, Data Breaches, Data Center

Well, it finally happened: I got asked to audit information that is stored in a cloud by a third-party vendor. I've acquired the controls, such as password policies, presented in a browser to my client. Several questions came immediately to mind: 1. Given that web browsers are still...


May 5, 2010  7:29 PM

Fighting A Trojan – Part 1



Posted by: Arian Eigen Heald
data security, malware management

Last week I came up against a piece of malware that is still "eating my lunch." And I don't know where I got it. I was researching a DNS problem I have, going through Google and reviewing various topics. So I can tell you somewhat where I went, but I got too busy too fast to identify the website...


April 26, 2010  4:29 PM

Paying Attention To Statistics



Posted by: Arian Eigen Heald
Data Breaches, Database security

We get a lot of information about what security issues are important from various sources on the Internet. Most of them we know about from one source or another. But here's one that jumped right out at me: According to the Privacy Rights Organization, of the top 10 data breaches in 2009,...

