Audit Tips for the New Year

Here’s a couple tips for making your IT audits a bit easier in the new year.

First, for those systems that don’t record the creation or deletion date of user accounts (or folders, permissions, or whatever), get a list of all accounts from IT in January. Then when you do the audit later in the year, get a new list and compare it with the January list. The new and deleted acounts will jump out at you.

Continue reading →

ACL Tutorials on YouTube

Free ACL tutorials are available on YouTube, along with a lot of videos with talking heads. The tutorials walk you through how to do a couple tests, but I found the video resolution to be rather poor. Maybe it’s my equipment, maybe it’s the result of a company trying to adapt some tutorials they already have to another delivery method.

Continue reading →

Free ACL Bootcamp Training – from ACL!

ACL is offering FREE training as part of their bootcamp series, which started in September 2011. The training consists of a video presentation that includes ACL demos. The best part is that you do NOT have to be a current ACL customer or even have a copy of ACL.

The purpose of the series, according to ACL, is to teach basic skills and deal with common problems that ACL users encounter. Each session lasts about 30-40 minutes, followed by a Q&A session.

Continue reading →

Firewalls vs. Fire Hydrants

I recently stumbled across an article discussing how to choose an outside IT auditor by Kevin Beaver that stated, “With a few exceptions, auditors aren’t highly technical”–and may not need to know the difference between firewalls and fire hydrants.

If you know me, you know non-technicality of many IT auditors really bangs my keyboard (see the CISA posts listed below). An IT auditor who doesn’t have technical knowledge about IT is like a person who washes dishes without water.

Continue reading →

Web Hacking 101

If you want to learn about web hacking, Security Monkey* highlights 2 videos and 2 books on the subject.  The videos are very basic and over an hour long, and are free for the viewing.

The videos were presented by Dan Guido at Polytechnic Institute of New York University, a private technology university in Brooklyn, New York.

Continue reading →

7 Cloud Computing Pet Peeves

Neil MacDonald’s 7 pet peeves about cloud computing is not your usual rant list. He makes some great points in very few words.

Read the article here and let me know what you think.

Leave a comment.

What IT Auditors Ought to Know – and Don’t!

Here’s my list of IT/security basics that I think IT auditors to ought to know. If you can’t understand and audit these items, you do not know enough about technology to avoid having the wool pulled over your irises (not matter how good an auditor you are). The list is in no particular order.

Continue reading →

Shine Your Shoes Like a Pro

Open letter to you-know-who: Shine your shoes.

I know lots of things don’t matter much in life, and this might be one of them, but it doesn’t take much effort to put some polish on your shoes. It makes your shoes happy, it helps them last longer, and you look better too, which can translate into more confidence on your part. And being taken more seriously by others, especially people older than you.

Continue reading →

Why People Get Scammed

People get scammed every 22 seconds with a typo-infested email or otherwise stupid hyperlink tricks for the following reasons:

1. Texting and chat have so corrupted the grammar and spelling of so many people that many don’t remember how communication skills were cherished prior to the birth of Al Gore, the Internet, and mobile devices. Continue reading →

No Comment? Sock it to ME

If you have a comment or criticism, sock it to me. I can take it. I want it.

Some of you have been great commentors and I appreciate it. For those of you who haven’t commented or have held back a bit, check out my reply to one of my critics (the Cow):

Continue reading →

Are U Fooled by This Spam Technique?

Akismet flagged a comment as spam and I had not seen the spam technique used before, so I was fooled. I reviewed the comment and approved it, but the name, Michael G. Redmond, made me wonder a bit more (Redmond, WA is the home of Microsoft). So I goggled it. Oops. I remarked the comment as spam. Why?

Continue reading →

Bruce Schneier Useless Fun Facts

If you have any idea of who Bruce Schneier is, you have to check out http://www.schneierfacts.com/. It is useless funny facts about Bruce a la Chuck Norris. Try not to LOL.

Continue reading →

Linking to Other People’s Accounts

When you use a shared PC, sometimes you get to share other people’s passwords.  Especially when people are kind of led to believe they’re safe.

I was wandering around the security landscape last week and was at a client’s business which is quite large and has kiosk PCs for employees and visitors to use to access the open Internet (they lock social networking and other stuff down pretty tight on the business network, so usually you see lines of people tapping away at the rows of kiosk PCs).

Continue reading →

Stupid Spam Comments 2

Like most bloggers, I get really stupid spam comments. Fortunately, the spam filter or widget, Akismet, has caught everyone one I’ve received so far. As a result of the filter, I was able to make my blog more comment-friendly (I’d love to tell you all about it, but that would only invite more spam, and I like bacon a bit more).

Continue reading →

Top 7 Reasons for Security Certification

Here’s my top 7 reasons for getting a security certification:

1. It opens the hiring door. Or more simply stated, employers are looking for them. More and more, if you’re not certified, your resume won’t get past Human Resources. When they scan your application and resume, you’ll end up in the digital delete bucket if the screening software doesn’t see those special letters (CISSP, GIAC, CISA, CCSP, CISM, etc.). Continue reading →