April 7, 2010  3:16 PM

A Free Tool Both Admins and Auditors Will Like

Posted by: Arian Eigen Heald
Admins and Auditors, data security, free tools, information security

For an admin, making the auditor happy is NOT the goal in life. It's to keep things running, squeeze in improvements, implement new products and do it with a work force that is always too small. For an auditor, getting information to build a complete report, with all the test information, means...

March 17, 2010  8:26 PM

What Constitutes “A Lot of Money?”

Posted by: Arian Eigen Heald
Data Breaches, data security, information security

There's always a lot of discussion on the Internet about how much "security" (by which they usually mean IT security) costs, and whether it's a good ROI. (Return on Investment - another candidate for Acronym dismemberment.) There's a lot of factors to consider, but for small to medium sized...

March 12, 2010  12:59 PM

Update on Wyndham Hotel Breaches – “Only 37″

Posted by: Arian Eigen Heald
Data Breaches, data security, information security

Comes the latest news via CSOOnline: Wyndham Hotels and Resorts experienced a computer security incident in late 2009. As a result of that incident, an unauthorized user may have gained access to credit card...

February 26, 2010  7:25 PM

Health Care Breaches and Third Party Associates

Posted by: Arian Eigen Heald
Data Breaches, DataManagement, Identity theft, information security, information security policy, medical identity theft

The Department of Health and Human Services has posted a list of the covered entities, (i.e., those that come under HIPAA regulations) that have reported health information data breaches...

February 25, 2010  6:39 PM

Universities and Colleges Are Being Hammered

Posted by: Arian Eigen Heald
Data Breaches, data security, Database security, information security

I've visited any number of schools, higher education and universities in the last five years that have been suffering from the "Open Campus" syndrome. Fundamentally, it's an attitude on the part of students, teachers/professors and management that their environment won't be "really" damaged by...

February 17, 2010  2:58 AM

Beware the “Smoker Door!”

Posted by: Arian Eigen Heald
Adventures in Auditing, Data Center, Eigen's Rules of Thumb, Hardware & InfoSec, information security policy, Penetration testing, Physical Security, Start Laughing Now, Tools & Tricks of the Trade

When doing a physical security audit, there's always the "security by walking around" phase. I find PCs with no screensavers, passwords under keyboards and keys labeled "server room." Consider the cigarette smoker. Every company has them. (Better, by far, than the cigar smokers, in my opinion.)...

February 10, 2010  7:47 PM

Printers & Copiers & Data Theft, Oh My

Posted by: Arian Eigen Heald
Data Breaches, data security, Hardware & InfoSec

It's worthwhile to consider the printers, copiers and scanners (or all 3 together - multi-function devices) on your network. How many of your printers allow open access? Open ports? Can I telnet to your printers? Why worry? Why bother? Well, if you google

January 11, 2010  12:06 AM

Stealing VMWare Data Made “Easy”

Posted by: Arian Eigen Heald
Admins and Auditors, data security, information security, virtual

I came across an article on a sister TechTarget site for VMWARE. Its' title immediately got my attention: How to steal...

Bookmark and Share     2 Comments     RSS Feed     Email a friend

January 1, 2010  1:47 AM

Better Late Than Never…..

Posted by: Arian Eigen Heald
ACH Fraud, Banking Fraud, Data Breaches, data security, information security, Tearing My Hair Out

The Federal authorities and the American Banking Association have issued an alert to small and medium-sized businesses to use a dedicated PC for banking. "The alert advises businesses to dedicate a single computer for online banking activity that is never used for reading e-mail or surfing...

December 22, 2009  7:09 PM

The Forest or The Trees – Part 2

Posted by: Arian Eigen Heald
Admins and Auditors, Tearing My Hair Out

In a previous article, I talked about the issues faced by IT Security and financial auditors, in trying to come together. Financial auditors only care about financial systems and...

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: