Sister CISA CISSP:

Security


June 26, 2009  2:03 PM

The Tangled Ethics of the Payment Card Industry DSS



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, information security, PCI

I just finished reading an absolutely terrific article from a sister auditor who is now on my short-list of must-reads. She's got a great name (Gunn) and a killer sense of humor (sorry, I could NOT resist).

June 22, 2009  5:32 PM

Google Thyself



Posted by: Arian Eigen Heald
Google hacking, Identity theft, Privacy, privacy on the web

I have a series of Google Alerts set up to alert me daily on such interesting topics as data theft, data breach, etc., etc., and I have one set up for my full name, or any two parts thereof. I have, as it happens, a very unique name, and should someone...


June 11, 2009  2:50 PM

Storm Clouds Ahead



Posted by: Arian Eigen Heald
Admins and Auditors, cloud computing, Cloud Security, PCI, Privacy

It seems like every big vendor is pushing for business to "use the cloud." Only now are we starting to see some questions arise in the general media about how secure cloud computing is. The short answer is: it's not. Intrinsically, whoever has physical ownership of your hardware has your data....


May 23, 2009  10:25 AM

When a Control is NOT a Control or, “It’s Good Enough”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Steps to an Easy Audit

I run into an awful lot of engineers who hate paperwork (I feel the same way.) They are busy fixing problems, building new application support and dealing with upper managers who have no idea what they're asking for, clueless users and now I come along to top it off asking for a bunch of...


May 21, 2009  6:19 PM

A Free Tool for Testing Your Firewalls and Routers



Posted by: Arian Eigen Heald
firewalls, routers, Security Devices, Tools & Tricks of the Trade, Tools for Auditing and Security

I see a LOT of firewall configuration files and router configuration files. It's the bane of my auditor's existence to read through a PIX firewall config (up to 500 pages of a text file). After the 35th page of text, you could drive a truck through that firewall while I tried to wake up. Plus,...


May 18, 2009  3:08 PM

Looking for Some Good (and FREE!) IT Policy Templates?



Posted by: Arian Eigen Heald
Admins and Auditors, free tools, information security policy, IT Compliance - Policies, security policies, Tools & Tricks of the Trade, Tools for Auditing and Security

Thanks to an email, I've come across a great website to offer you when it's time to go looking for some good policy templates. SANS, the be-all end-all of security training, has organized a website that offers us


May 14, 2009  2:28 PM

Turn it Off on the Road



Posted by: Arian Eigen Heald
laptop security, Security on the road, Travel

I travel a lot - about 40% of the time. I plug in to the Net from all sorts of places as a part of doing business. So I have some rules based on experience: 1. Turn off the WiFi adapter if it's not in use. Why broadcast the last hotel you stayed in, and allow bad people to try and attach to...


May 12, 2009  9:46 AM

Security Maxims to Live By



Posted by: Arian Eigen Heald
Admins and Auditors, Eigen's Rules of Thumb, Start Laughing Now, TCM (Truly Clueless Management)

I happened across the Vulnerability Assessment Team website of the Argonne National Laboratory. The Security Manager there has a great sense of humor, and has devised some security maxims much like my


April 15, 2009  7:01 PM

The Beginning of the End for PIN Codes



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, PCI DSS, Security Devices

Yesterday Wired released a story that reveals a startling detail about the TJMaxx data breach: hackers were able to cash in on stolen debit cards because they had a way to crack PINs. This "minor detail" was buried in an affidavit...


April 10, 2009  8:28 PM

A DAM Good Idea



Posted by: Arian Eigen Heald
Admins and Auditors, Database, DataManagement, Tools for Auditing and Security

(Sorry, I apologize for using an acronym, but I couldn't resist.) Whenever the subject comes up of logging activity in a database, immediately the complaints of "Too much overhead!" can be heard. Everybody thinks it's a good idea in theory, but from a practical standpoint, it adds a lot of...

