February 9, 2010
After my quip about some auditors writing more like e. e. cummings than auditors, I recalled my favorite poem of his. With apologies to cummings, I recast it into auditor worldspeak.
auditor lived in a pretty hard town
(with up so floating many tests down)
spring summer autumn winter
he sang his pass he danced his fail
Women and men(both little and small)
cared for auditor not at all
they sowed their isn’t they reaped their shame
fun swoon cars pain
managers guessed(but only a few
and down they forgot as up they grew
autumn winter spring summer)
that audit failed them more by more
when by now and tree by leaf
auditor laughed his joy he caught a thief
hand in jar and caught by logs
payroll’s any was but too small
someones lied their everyones
smiled their cryings and hid their dance
(sleep wake hope and then)they
said their nevers they stole their dream
wars pain none soon
(and only the CFO can begin to explain
how staffers are apt to forget to remember
with up so floating many tests down)
one day auditor fired i guess
(and HR stooped to slap his face)
guilty folk hurried him out the door
smirk by smirk and fix by fix
all by all and debt by debt
and more by more they hide their creep
someone and anyone tax by april
wish by cover and work by crime.
Women and men(both fat and cat)
summer autumn bitter spring
reaped their slothing and hung their brain
run ruin scars pain
February 8, 2010
I was excited to see the annual 401K statement from one of my former employers had arrived. I was expecting a high return on my current investment, just like last year.
Sure enough, the return was exponential. I smiled, but the smile soon turned into deep laughter.
Keep reading →
February 7, 2010
A Security Scout adventure…
My last post, Password, Password on the Wall, triggered a memory of another password issue I stumbled upon some time ago.
I had flown across the country to help a fellow system administrator upgrade some of his applications. At one point, we left the data center and ventured out to the factory floor to fix a botched client software installation.
Keep reading →
February 6, 2010
Okay, so you’re not up to a wastebasket audit? Too demeaning, too sneaky, too many sticky candy wrappers? How about a simple server share audit?
Many companies have shared drives, and then they have “over-shared” drives, those locations where anyone who needs a space can store files that they share with a couple of departments. Or perhaps your company just doesn’t lock down its shares according to the least privilege principle.
Keep reading →
Filed under Audit
Tags: Audit, confidential, demotion, easy, encryption, lawsuit, password, server, share, social security, SSN, PII, wastebasket audit, trade secret, intellectual property, sex, porn, nude, naked, theft, appraisal, xxx, medical history, least privilege, search, salary
February 5, 2010
A Security Scout adventure…
After a friend bought me lunch today, he showed me around his work place. During our walk, we stopped at the IT workbench area to see if the laptop he ordered for a new employee would be ready by Monday (I tagged along).
Keep reading →
February 4, 2010
This is the third article in a series on audit and security tools. The first article, How to Stay out of Jail, stresses that you need a GOOJ card before you use any security tools or techniques. The second article, What Needs to be on a GOOJ Card, outlines how to create a GOOJ card.
Key point: Never use security or cracker tools on networks or devices that you do not own unless you have permission in writing.
In this article, I describe a few security tools that I believe every auditor or security analyst should be familiar with, or at the very least, be aware of.
Keep reading →
Filed under Audit, Security
Tags: password, stay out of jail, sniffer, Fyodor, Gordon Lyon, Top 100 Network Security Tools, sectools.org, GOOJ card, cain, abel, wireshark, nmap, superscan, netstumbler, kismet
February 4, 2010
Mimosa Systems, the company that created a robust email archive solution for Exchange and SharePoint, is offering a free ebook on email archiving here.
The ebook describes the retention requirements that companies are subject to. If your company sells to the federal government, you especially need to be aware of these requirements. I’d also recommend reading this ebook if you are thinking of moving to Exchange.
NOTE: To get this ebook, you must sign up with your work email. Email addresses from Hotmail, Yahoo, and other personal accounts are not accepted.
I am not affiliated with Mimosa. I know a company that implemented this product in addition to their ediscovery product, and while it’s really expensive, they are good products.
February 2, 2010
If you belong to one of the companies that hasn’t converted to Office 2007 yet, beware–Office 2010 is coming.
An article in the Journal of Accountancy, What’s New for CPAs in Office 2010, describes the following top changes coming in Excel 2010:
Keep reading →
February 1, 2010
Most auditors and security analysts have never performed a wastebasket audit. Why do a trashcan audit?
Keep reading →
Filed under Audit, Security
Tags: audit charter, audit monkey, copy room, dumpster diving, fraud, GOOJ, print room, privacy issue, Security, trashcan, visitor, waste of time, wastebasket audit