May 23, 2009 10:25 AM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Steps to an Easy Audit
I run into an awful lot of engineers who hate paperwork (I feel the same way.) They are busy fixing problems, building new application support and dealing with upper managers who have no idea what they're asking for, clueless users and now I come along to top it off asking for a bunch of...
February 24, 2009 9:50 PM
Posted by: Arian Eigen Heald
software development,
Steps to an Easy Audit
During the "sales romance," when software vendors are showing off the bells and whistles of their product to the ooohs and aahhhs of management, it's a challenge sometimes to be the "wet blanket" of security reality.
All too often, executives make software purchases without any regard as to...
September 19, 2008 7:37 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Database,
Database security,
Development,
IT audit,
Microsoft Windows,
Security,
SQL Server,
Steps to an Easy Audit,
Tools & Tricks of the Trade,
Tools for Auditing and Security
SQL "Server" runs on top of MS Windows, and it has groups inside of it that are not seen on the Windows server or even the Windows Domain. That's why we have to check and make sure that inappropriate users don't have complete access to everything inside the database. Not everyone should be...
September 16, 2008 5:58 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Database,
Database security,
free tools,
IT audit,
Microsoft Windows,
PCI DSS,
Security,
SOX,
SQL Server,
Steps to an Easy Audit,
Tools for Auditing and Security
There's a lot of really nice application tools to audit SQL databases out there. They have lots of bells and whistles and write out a really nice report with professional formatting. If you've got one of those, LUCKY YOU. But most of us Admins and Auditors have to scrounge for what we can find...
June 3, 2008 3:01 PM
Posted by: Arian Eigen Heald
Compliance,
Eigen's Rules of Thumb,
IT audit,
Security,
Steps to an Easy Audit,
Tools & Tricks of the Trade,
Tools for Auditing and Security
Rule #1 - You can pay now, or you can pay later, but if you choose to pay later, you will pay MORE.
Rule #2 - You can outsource function, but you cannot outsource...
May 29, 2008 1:44 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
Security Devices,
Steps to an Easy Audit,
Tools & Tricks of the Trade
Who guards the guardians? Good IT governance mandates oversight of all IT functions. The firewall tends to be neglected, because it appears to be such a back-office function that only engineers or admins actually see and work on.
However, it is one of the most critical pieces of the IT...
May 26, 2008 12:05 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
Security Devices,
Steps to an Easy Audit
When all is said and done, configuring a firewall comes down to creating a set of rules. Firewalls are bi-directional - they control traffic going out (outbound) to the Internet (or the DMZ) and they control traffic coming in (inbound) to the network or the DMZ. You are configuring for WHO,...
May 15, 2008 5:54 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Database security,
IT audit,
PCI DSS,
Security,
SOX,
Steps to an Easy Audit,
Tools & Tricks of the Trade,
Tools for Auditing and Security
These two magic words should be in every network manager and system engineer's lexicon. It's your get-out-of-jail (not necessarily free) card with an IT Auditor.
Every IT shop has an application, a device, a configuration that breaks good security rules and usually corporate policy, as well. ...
May 13, 2008 4:38 PM
Posted by: Arian Eigen Heald
Compliance,
Database,
Database security,
IT audit,
PCI DSS,
Security,
SQL Server,
Steps to an Easy Audit
Remember that commercial (I'm dating myself, I know) where the little old lady lifts the top of the burger bun and says, "Where's the beef?" All things considered, we have to ask the same sorts of questions about data.
Usually we're...