January 8, 2009 6:10 PM
Posted by: Arian Eigen Heald
Security,
Tearing My Hair Out
I was doing an audit today (I know, the term "audit" should only be used in connection with a financial exam, but everybody but Public Accountants use it this way) and examining the users inside a SQL database that holds one heck of a lot. I wish more IT Auditors would start looking inside...
January 5, 2009 2:24 PM
Posted by: Arian Eigen Heald
Security
It is amazing to me that businesses are still issuing laptops to employees that do not have encryption. That being said, what do we mean when we say "the laptop is encrypted?"
There are three scenarios for encrypting portable computers:
1. Windows File Encryption
2. Third-party file,...
January 1, 2009 4:40 AM
Posted by: Arian Eigen Heald
Security,
TCM (Truly Clueless Management),
Tearing My Hair Out
From Slashdot comes the painfully unsurprising news about digital picture frames. The software installation CD comes with a virus, the W32.Sality.AE worm.
WalMart and Amazon sold these items during the Christmas...
December 28, 2008 3:14 PM
Posted by: Arian Eigen Heald
"How Do You Know?",
Admins and Auditors,
Compliance,
Hardware & InfoSec,
IT audit,
Security Devices,
TCM (Truly Clueless Management),
Tools & Tricks of the Trade,
Tools for Auditing and Security
OK, so you've bought the glow-in-the-dark, meets all the compliance requirements and looks really shiny "security solution" from a vendor (one or many).
Or maybe your management has bought it and presented it to you as a fait accompli. (Hope I'm spelling that fancy French right!) And of course...
December 24, 2008 7:14 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Database security,
HIPAA,
IT audit,
SAS 70,
Security,
Tearing My Hair Out
In my travels as an auditor this year, I've visited 15 states and seen approximately 20 different networks, both LAN and WAN. I've audited hospitals, lotteries, racetracks, banks, small businesses, large online retailers, metal fabricators, telco service bureaus and health care service...
December 20, 2008 2:11 AM
Posted by: Arian Eigen Heald
Data Breaches,
Database security,
DataManagement,
Identity theft,
Security,
Tearing My Hair Out
For saying the blindingly obvious:
"Companies and schools should find new ways to authenticate the identities of customers, employees and students that do not involve social security numbers, a U.S. consumer protection agency said on Wednesday as part of recommendations to fight identity...
December 17, 2008 4:46 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Data Breaches,
Identity theft,
Security
It's been an interesting week in "Breachland," with reports of breaches in all sorts of places: eyewear companies,
December 11, 2008 5:27 PM
Posted by: Arian Eigen Heald
Automatic Theft Machines,
DataManagement,
Hardware & InfoSec,
Identity theft,
Security Devices,
Stupid Technology
Did you know that a store that puts in an ATM for customer use also provides a daily log of transactions to the owner? The log includes the Bank name, last four numbers of the account, the customer name, and the transaction.
So if I do an account balance request, that comes up in the log. ...
December 9, 2008 9:27 PM
Posted by: Arian Eigen Heald
PCI DSS,
Security
The new PCI (Payment Card Industry) Data Security Standards, Release 1.2 came out in October, and are worth taking a look. They've added some updated recommendations (like getting rid of WEP entirely by 2010), and I especially liked some of the following features:
Compensating...