SONY stored Passwords in Password Directory

And in unprotected documents.

Lots of passwords. Lots of documents. Lots of easy access.

Continue reading

Leave a comment

Filed under Audit, Humor/Irony, Security

FREE CISSP Cert Webcasts from ISC2

ISC2, the organization that awards the CISSP certification, provides 11 FREE webcasts about the 10 CISSP security domains.

Continue reading

Leave a comment

Filed under Certification, Security

Hiring Auditors Who Can Think

Nthinkorman Marks, of the Institute of Internal Auditors, likes to hire auditors who can think.

You should too.

How does he do it?

Continue reading

3 Comments

Filed under Audit, Employment, How to...

Don’t Use GRC app to do Workpapers!

eat internal audit dog foodI consulted with a company that implemented a new GRC package, and unfortunately they are using an application designed for GRC to do audit workpapers.

That wasn’t the only move that was questionable…

Continue reading

8 Comments

Filed under Audit, Security, Security Scout, Technology

Free CISSP Review Material, Practice Exams

I just found some more FREE CISSP review material and practice exams. One exam is 100 questions, the other 250.

Continue reading

6 Comments

Filed under Certification, Free, Free Download, Security

Server Audit for the Dauntless

dauntless server auditIf you’re looking for an insightful server audit, and you’re dauntless, you might want to jump on this train.

First, why do you need to be dauntless?

Because you’re going to need to obtain your data from a number of different sources; the bigger your company, the more likely you’ll need to call on and question more than a handful of people.

Because comparing and tracking all the servers that are on one list, but not another can be a challenge.

Because it his highly LIKELY that you WILL find something and the server team will not be happy.

Continue reading

2 Comments

Filed under Audit, Security, How to..., Technology

Bank’s Change Management Troubles

AuditMonkey has written about the Royal Bank of Scotland’s change management troubles.

Continue reading

5 Comments

Filed under Audit, Technology