Sister CISA CISSP:

ITKE grandparent


July 30, 2009  1:44 PM

Don’t Go Banking with your iPhone Just Yet



Posted by: Arian Eigen Heald
data security, information, mobile phone security

Articles are being released today about a flaw discovered by security researchers Charlie Miller and Collin Mulliner. They informed Apple a month ago about this flaw, but no fix had been issued. So they decided to go public at...

July 24, 2009  3:26 PM

Adventures in Auditing #3, or “Why Do you Need to See That?”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT Compliance - Policies, IT Security

It always pains me when I get this question from a client's IT staff. It usually means that auditing has never penetrated to that level, and people are used to doing pretty much what they please around the network. It usually goes with: "This is a development shop. Those are not production...


July 22, 2009  3:09 PM

Adventures in Auditing #2



Posted by: Arian Eigen Heald
Compliance, data security, Physical Security

While doing a PCI exam not long ago, I visited a company that was very proud of it's security measures, and rightly so. They had done a lot of work to secure their environment. Sometimes it's the smallest things that we are so used to seeing that we stop "seeing" them. They become part of the...


July 13, 2009  5:27 PM

Adventures in Auditing #1



Posted by: Arian Eigen Heald
Admins and Auditors, Adventures in Auditing, Compliance, Wireless

I'm still amazed that folks are going about their business believing that bad things won't happen. Is it human nature? I thought I'd share with you some of my latest adventures in traveling about and auditing various companies. Just when I think it's strange, it get stranger. I was doing an...


June 30, 2009  5:12 PM

MasterCard Ups the Compliance Quality of PCI DSS



Posted by: Arian Eigen Heald
Compliance, PCI, PCI DSS

I've written before about how the Payment Card Industry's (PCI) Data Security Standard (DSS) has some loopholes that make it easy to look "compliant" and therefore "secure. In order to comply with the DSS requirments, merchants can do one of three options: 1. their own self-assessment report...


June 26, 2009  2:03 PM

The Tangled Ethics of the Payment Card Industry DSS



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, information security, PCI

I just finished reading an absolutely terrific article from a sister auditor who is now on my short-list of must-reads. She's got a great name (Gunn) and a killer sense of humor (sorry, I could NOT resist).


June 22, 2009  5:32 PM

Google Thyself



Posted by: Arian Eigen Heald
Google hacking, Identity theft, Privacy, privacy on the web

I have a series of Google Alerts set up to alert me daily on such interesting topics as data theft, data breach, etc., etc., and I have one set up for my full name, or any two parts thereof. I have, as it happens, a very unique name, and should someone...


June 11, 2009  2:50 PM

Storm Clouds Ahead



Posted by: Arian Eigen Heald
Admins and Auditors, cloud computing, Cloud Security, PCI, Privacy

It seems like every big vendor is pushing for business to "use the cloud." Only now are we starting to see some questions arise in the general media about how secure cloud computing is. The short answer is: it's not. Intrinsically, whoever has physical ownership of your hardware has your data....


May 23, 2009  10:25 AM

When a Control is NOT a Control or, “It’s Good Enough”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Steps to an Easy Audit

I run into an awful lot of engineers who hate paperwork (I feel the same way.) They are busy fixing problems, building new application support and dealing with upper managers who have no idea what they're asking for, clueless users and now I come along to top it off asking for a bunch of...


May 21, 2009  6:19 PM

A Free Tool for Testing Your Firewalls and Routers



Posted by: Arian Eigen Heald
firewalls, routers, Security Devices, Tools & Tricks of the Trade, Tools for Auditing and Security

I see a LOT of firewall configuration files and router configuration files. It's the bane of my auditor's existence to read through a PIX firewall config (up to 500 pages of a text file). After the 35th page of text, you could drive a truck through that firewall while I tried to wake up. Plus,...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: