Sister CISA CISSP:



April 20, 2010  3:26 PM

The Only Way Out is Through



Posted by: Arian Eigen Heald
Admins and Auditors, data security

Nobody "likes" government regulations. But imagine what it would be like to live without them. What if there were no banking regulations - who would check to see if my money was safe? The bank? I've worked in banks. The answer would be "no." Not without oversight. Banks have internal auditors,...

April 15, 2010  6:49 PM

Adobe Reader at the Forefront of Malware Delivery



Posted by: Arian Eigen Heald
Data Breaches, data security, information security, malware management

Statistics from a new study by F-Secure indicate that Adobe Reader surpassed Microsoft Office products as a vector for malware delivery in 2009. F-Secure has also pointed out that you can embed movies and songs, JavaScript, and...


April 7, 2010  3:16 PM

A Free Tool Both Admins and Auditors Will Like



Posted by: Arian Eigen Heald
Admins and Auditors, data security, free tools, information security

For an admin, making the auditor happy is NOT the goal in life. It's to keep things running, squeeze in improvements, implement new products and do it with a work force that is always too small. For an auditor, getting information to build a complete report, with all the test information, means...


March 17, 2010  8:26 PM

What Constitutes “A Lot of Money?”



Posted by: Arian Eigen Heald
Data Breaches, data security, information security

There's always a lot of discussion on the Internet about how much "security" (by which they usually mean IT security) costs, and whether it's a good ROI. (Return on Investment - another candidate for Acronym dismemberment.) There's a lot of factors to consider, but for small to medium sized...


March 12, 2010  12:59 PM

Update on Wyndham Hotel Breaches – “Only 37”



Posted by: Arian Eigen Heald
Data Breaches, data security, information security

Comes the latest news via CSOOnline: Wyndham Hotels and Resorts experienced a computer security incident in late 2009. As a result of that incident, an unauthorized user may have gained access to credit card...


February 26, 2010  7:25 PM

Health Care Breaches and Third Party Associates



Posted by: Arian Eigen Heald
Data Breaches, DataManagement, Identity theft, information security, information security policy, medical identity theft

The Department of Health and Human Services has posted a list of the covered entities (i.e., those that come under HIPAA regulations) that have reported health information data breaches...


February 25, 2010  6:39 PM

Universities and Colleges Are Being Hammered



Posted by: Arian Eigen Heald
Data Breaches, data security, Database security, information security

I've visited any number of schools, higher education and universities in the last five years that have been suffering from the "Open Campus" syndrome. Fundamentally, it's an attitude on the part of students, teachers/professors and management that their environment won't be "really" damaged by...


February 17, 2010  2:58 AM

Beware the “Smoker Door!”



Posted by: Arian Eigen Heald
Adventures in Auditing, Data Center, Eigen's Rules of Thumb, Hardware & InfoSec, information security policy, Penetration testing, Physical Security, Start Laughing Now, Tools & Tricks of the Trade

When doing a physical security audit, there's always the "security by walking around" phase. I find PCs with no screensavers, passwords under keyboards and keys labeled "server room." Consider the cigarette smoker. Every company has them. (Better, by far, than the cigar smokers, in my opinion.)...


February 10, 2010  7:47 PM

Printers & Copiers & Data Theft, Oh My



Posted by: Arian Eigen Heald
Data Breaches, data security, Hardware & InfoSec

It's worthwhile to consider the printers, copiers and scanners (or all 3 together - multi-function devices) on your network. How many of your printers allow open access? Open ports? Can I telnet to your printers? Why worry? Why bother? Well, if you google


January 11, 2010  12:06 AM

Stealing VMWare Data Made “Easy”



Posted by: Arian Eigen Heald
Admins and Auditors, data security, information security, virtual

I came across an article on a sister TechTarget site for VMWARE. Its title immediately got my attention: How to steal...
