August 26, 2010  1:33 AM

Smart Phone Photographs Can Expose Much More than The Picture

Posted by: Arian Eigen Heald
data security, Privacy, privacy on the web

Would you publish a digital photograph from your smart phone on the Internet if it could tell everyone where you lived, or where you were when you took it? Unless GPS capability is specifically turned off (for phones that have it - think iPhone, Palm and Blackberry) photographs that are posted...

August 20, 2010  8:34 PM

Myths About Reputation Risk

Posted by: Arian Eigen Heald
Data Breaches, data security, Privacy

I received some entertaining feedback on my previous blog, so I thought I'd share some of the comments I've heard over the last few years about business reputations: 1. "My data is outsourced (hosted, in the cloud, etc) at a third party company. If they lose my data, or get broken into, it's...

June 25, 2010  5:11 PM

A Freebie for Auditing Your Web Application for SQL flaws

Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, free tools, SQL Injection

I ran across a mention of this tool in a SANS newsbite. Scrawl latest version requires information Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL...

June 21, 2010  7:56 PM

SAS 70, SSAE 16, What’s in a Website Name?

Posted by: Arian Eigen Heald
Admins and Auditors, IT audit

Some dozen websites have the words "SAS 70" as part, or all of, their domain name on the web. Given the departure of the SAS 70 audit by 2011, I commented recently that they must not be having any fun. An anonymous reader ("CPA") wrote in to chastise me, to wit: Does anyone think that......

June 18, 2010  9:16 PM

The SAS 70 is Going Away – But…

Posted by: Arian Eigen Heald
Admins and Auditors, IT audit

It is being replaced (of course!) by the ever-so-easy to say acronym: SSAE 16. (Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization.) What a mouthful! In April of this year, the AICPA (American Institute of Certified Public...

June 14, 2010  3:42 PM

Where IS the Data, Exactly?

Posted by: Arian Eigen Heald
Adventures in Auditing, cloud computing, Cloud Security, data security

After a nice vacation in the north woods of Maine, I returned to the excitement of my first "cloud computing" audit event. In doing a SAS 70 for a client, I discovered that they had outsourced a new application. No news there. When data is hosted by the provider, along with the application, all...

May 5, 2010  7:29 PM

Fighting A Trojan – Part 1

Posted by: Arian Eigen Heald
data security, malware management

Last week I came up against a piece of malware that is still "eating my lunch." And I don't know where I got it. I was researching a DNS problem I have, going through Google and reviewing various topics. So I can tell you somewhat where I went, but I got too busy too fast to identify the website...

April 26, 2010  4:29 PM

Paying Attention To Statistics

Posted by: Arian Eigen Heald
Data Breaches, Database security

We get a lot of information about what security issues are important from various sources on the Internet. Most of them we know about from one source or another. But here's one that jumped right out at me: According to the Privacy Rights Organization, of the top 10 data breaches in 2009,...

April 20, 2010  3:26 PM

The Only Way Out is Through

Posted by: Arian Eigen Heald
Admins and Auditors, data security

Nobody "likes" government regulations. But imagine what it would be like to live without them. What if there were no banking regulations - who would check to see if my money was safe? The bank? I've worked in banks. The answer would be "no." Not without oversight. Banks have internal auditors,...

April 15, 2010  6:49 PM

Adobe Reader at the Forefront of Malware Delivery

Posted by: Arian Eigen Heald
Data Breaches, data security, information security, malware management

Statistics from a new study by F-Secure indicate that Adobe Reader has surpassed Microsoft Office products as a vector for malware delivery 2009. F-Secure has also pointed out that you can embed movies and songs, JavaScript, and...

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: