Sister CISA CISSP:

January 13, 2009  3:34 PM

The Purpose of Audit



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, IT audit

Bruce Schneier's last Crypto-Gram contained a discussion about the purpose of audit. He was commenting on the fact that Barack Obama's phone records, passport file and aunt's immigration status were inappropriately accessed by employees...

January 8, 2009  6:10 PM

First GROAN of the New Year



Posted by: Arian Eigen Heald
Security, Tearing My Hair Out

I was doing an audit today (I know, the term "audit" should only be used in connection with a financial exam, but everybody but Public Accountants uses it this way) and examining the users inside a SQL database that holds one heck of a lot. I wish more IT Auditors would start looking inside...


January 5, 2009  2:24 PM

Encrypting Company Laptops



Posted by: Arian Eigen Heald
Security

It is amazing to me that businesses are still issuing laptops to employees that do not have encryption. That being said, what do we mean when we say "the laptop is encrypted?" There are three scenarios for encrypting portable computers: 1. Windows File Encryption 2. Third-party file,...


January 1, 2009  4:40 AM

Picture This… with a Free Virus!



Posted by: Arian Eigen Heald
Security, TCM (Truly Clueless Management), Tearing My Hair Out

From Slashdot comes the painfully unsurprising news about digital picture frames. The software installation CD comes with a virus, W32.Sality.AE worm. WalMart and Amazon sold these items during the Christmas...


December 28, 2008  3:14 PM

Securing the Security Devices



Posted by: Arian Eigen Heald
"How Do You Know?", Admins and Auditors, Compliance, Hardware & InfoSec, IT audit, Security Devices, TCM (Truly Clueless Management), Tools & Tricks of the Trade, Tools for Auditing and Security

OK, so you've bought the glow-in-the-dark, meets all the compliance requirements and looks really shiny "security solution" from a vendor (one or many). Or maybe your management has bought it and presented it to you as a fait accompli. (Hope I'm spelling that fancy French right!) And of course...


December 24, 2008  7:14 PM

Getting What You Pay For… 2008



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database security, HIPAA, IT audit, SAS 70, Security, Tearing My Hair Out

In my travels as an auditor this year, I've visited 15 states and seen approximately 20 different networks, both LAN and WAN. I've audited hospitals, lotteries, racetracks, banks, small businesses, large online retailers, metal fabricators, telco service bureaus and health care service...


December 20, 2008  2:11 AM

Thank you, Federal Trade Commission…



Posted by: Arian Eigen Heald
Data Breaches, Database security, DataManagement, Identity theft, Security, Tearing My Hair Out

For saying the blindingly obvious: "Companies and schools should find new ways to authenticate the identities of customers, employees and students that do not involve social security numbers, a U.S. consumer protection agency said on Wednesday as part of recommendations to fight identity...


December 17, 2008  4:46 PM

Nobody is “Too Small” to Get Hacked



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Identity theft, Security

It's been an interesting week in "Breachland," with reports of breaches in all sorts of places: eyewear companies,


December 11, 2008  5:27 PM

More on ATMs – The Daily Store Owner Log



Posted by: Arian Eigen Heald
Automatic Theft Machines, DataManagement, Hardware & InfoSec, Identity theft, Security Devices, Stupid Technology

Did you know that a store that puts in an ATM for customer use also provides a daily log of transactions to the owner? The log includes the Bank name, last four numbers of the account, the customer name, and the transaction. So if I do an account balance request, that comes up in the log. ...


December 9, 2008  9:27 PM

Check out the New PCI Standards



Posted by: Arian Eigen Heald
PCI DSS, Security

The new PCI (Payment Card Industry) Data Security Standards, Release 1.2, came out in October and are worth taking a look at. They've added some updated recommendations (like getting rid of WEP entirely by 2010), and I especially liked some of the following features: Compensating...
