Sister CISA CISSP:

Steps to an Easy Audit


February 8, 2010  2:21 PM

More Adventures In Auditing



Posted by: Arian Eigen Heald
Adventures in Auditing, Eigen's Rules of Thumb, Start Laughing Now, Steps to an Easy Audit, TCM (Truly Clueless Management)

Not long ago (needless to say I can't mention time or client name) I was asked by a medium-sized business to investigate some problems they were having with spam, malware, and "weird stuff" on their network. Their network contained at least 200 users spread out over multiple sites. I asked to...

May 23, 2009  10:25 AM

When a Control is NOT a Control or, “It’s Good Enough”



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Steps to an Easy Audit

I run into an awful lot of engineers who hate paperwork (I feel the same way.) They are busy fixing problems, building new application support and dealing with upper managers who have no idea what they're asking for, clueless users and now I come along to top it off asking for a bunch of...


February 24, 2009  9:50 PM

Six Questions to Ask A New Software Vendor



Posted by: Arian Eigen Heald
software development, Steps to an Easy Audit

During the "sales romance," when software vendors are showing off the bells and whistles of their product to the ooohs and aahhhs of management, it's a challenge sometimes to be the "wet blanket" of security reality. All too often, executives make software purchases without any regard as to...


September 19, 2008  7:37 PM

Auditing MS SQL – Roles, and Why They Matter



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, Development, IT audit, Microsoft Windows, Security, SQL Server, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

SQL "Server" runs on top of MS Windows, and it has groups inside of it that are not seen on the Windows server or even the Windows Domain. That's why we have to check and make sure that inappropriate users don't have complete access to everything inside the database. Not everyone should be...


September 16, 2008  5:58 PM

FREE Tools for Auditing MS SQL Server



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, free tools, IT audit, Microsoft Windows, PCI DSS, Security, SOX, SQL Server, Steps to an Easy Audit, Tools for Auditing and Security

There are a lot of really nice application tools to audit SQL databases out there. They have lots of bells and whistles and write out a really nice report with professional formatting. If you've got one of those, LUCKY YOU. But most of us Admins and Auditors have to scrounge for what we can find...


June 3, 2008  3:01 PM

Eigen’s 2008 InfoSecurity “Rules of Thumb”



Posted by: Arian Eigen Heald
Compliance, Eigen's Rules of Thumb, IT audit, Security, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

Rule #1 - You can pay now, or you can pay later, but if you choose to pay later, you will pay MORE. Rule #2 - You can outsource function, but you cannot outsource...



May 29, 2008  1:44 PM

Firewalls Part IV – Quis custodiet ipsos custodes?



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Security Devices, Steps to an Easy Audit, Tools & Tricks of the Trade

Who guards the guardians? Good IT governance mandates oversight of all IT functions. The firewall tends to be neglected, because it appears to be such a back-office function that only engineers or admins actually see and work on. However, it is one of the most critical pieces of the IT...


May 26, 2008  12:05 PM

It’s Not Your Mother’s Firewall Anymore – Part III



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Security Devices, Steps to an Easy Audit

When all is said and done, configuring a firewall comes down to creating a set of rules. Firewalls are bi-directional - they control traffic going out (outbound) to the Internet (or the DMZ) and they control traffic coming in (inbound) to the network or the DMZ. You are configuring for WHO,...


May 15, 2008  5:54 PM

Steps to an Easy Audit (3) – Compensating Controls



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database security, IT audit, PCI DSS, Security, SOX, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

These two magic words should be in every network manager and system engineer's lexicon. It's your get-out-of-jail (not necessarily free) card with an IT Auditor. Every IT shop has an application, a device, a configuration that breaks good security rules and usually corporate policy, as well. ...


May 13, 2008  4:38 PM

Steps to an Easy Audit (2) – Where’s the Beef, ah, I mean, Data?



Posted by: Arian Eigen Heald
Compliance, Database, Database security, IT audit, PCI DSS, Security, SQL Server, Steps to an Easy Audit

Remember that commercial (I'm dating myself, I know) where the little old lady lifts the top of the burger bun and says, "Where's the beef?" All things considered, we have to ask the same sorts of questions about data. Usually we're...

