Search Results for: quote of the weak

by ITauditSecurity | February 11, 2019 · 6:45 am

Quote of the Weak – Clean Data Manually

If you are in IT, audit, or security (or any other job requiring data analysis), you should NOT be cleaning data manually. Let me share a recent experience with you…. A young IT auditor texted me at work and asked … Continue reading →

Filed under Audit, Case Files, Data Analytics, Excel, How to..., Quote of the Weak, Security, Technology

Tagged as analysis, clean, data, drive, excel, experience, formula, manual, map, network, transform, user ID

by ITauditSecurity | November 16, 2012 · 7:54 pm

Quote of the Weak: Cloud & Passwords

According to the following article, the cloud is safer because the cloud data center is bigger than yours and has better fences. Oh, and passwords need to be hard to use so that others can’t use them.

Leave a comment

Filed under Quote of the Weak, Security, Technology

Tagged as advisor, cloud, data center, defense, inconvenient, password, rachel elson, Schwab, technology trend

by ITauditSecurity | August 2, 2010 · 6:45 am

Quote of the Weak (Securing Virtual Servers)

When I read the following in SC Magazine, my brain identified and attempted to process so many issues at once that I experienced multiple memory and neural page faults and felt physical pain:

Leave a comment

Filed under Quote of the Weak, Security

Tagged as reality, SC Magazine, Security, security is security, server, virtual, VM

by ITauditSecurity | May 14, 2010 · 6:12 am

Quote of the Weak (Trojan=Password)

I’ve been absent from the blog lately due to a number of pressing projects, one which was rebuilding a friend’s Windows XP box after a trojan massacre (and I thought only auditors stabbed the wounded — you should have seen … Continue reading →

Filed under Quote of the Weak, Security

Tagged as compromise, email, online banking, password, reload, spam, trojan, virus

by ITauditSecurity | April 25, 2010 · 7:41 am

Quote of the Weak (Blueberries?)

I was at Menards getting ready for my new garden (see my other Menards adventure). As I was checking out, the cashier scanned a blueberry plant that was packaged in a large paper cup, with a small cluster of leaves … Continue reading →

Leave a comment

Filed under Quote of the Weak

Tagged as blueberry, differences, job, menards, obvious, tools, unaware

by ITauditSecurity | April 14, 2010 · 7:24 am

Quote of the Weak (Unqualified Opinion)

Some people do not understand that both diamonds and the Internet are forever. I found this statement in a discussion on LinkedIn: I am excited about 2 interviews next week even though I’m not fully qualified for either one.

Leave a comment

Filed under Employment, Humor/Irony, Quote of the Weak, Security

Tagged as data, Facebook, forever, google, linkedin, privacy policy, Quote of the Weak, terms of service, unqualified opinion

by ITauditSecurity | April 6, 2010 · 7:08 am

Updated: Quote of the Weak (Attacker’s Perspective)

Remember the quote about the “attacker’s perspective?” No one identified the issue in the original quote, but I described it in my update in the original post. Check it out.

Leave a comment

Filed under Audit, Quote of the Weak

Tagged as attacker

by ITauditSecurity | March 26, 2010 · 8:01 am

Quote of the Weak (Pass the control)

A colleague of mine is doing some testing for an audit director that changes her mind frequently on how to deal with audit findings. Occasionally, she is all about nailing control owners who do not have all their ducks groomed … Continue reading →

Leave a comment

Filed under Audit, Humor/Irony, Quote of the Weak

Tagged as exception, fail, finding, pass, review, validate

by ITauditSecurity | March 19, 2010 · 7:46 am

Quote of the Weak (Stab the Wounded)

A friend of mine heard this one and passed it on to me: Auditors are those who get to the battlefield after the war is over and stab the wounded.

Filed under Humor/Irony, Quote of the Weak

Tagged as auditors, battlefield, Christel Fouche, Quote of the Weak, stab the wounded

by ITauditSecurity | March 3, 2010 · 8:12 am

Quote of the Weak (Attacker’s Perspective)

I don’t like to pick bones with my fellow ISACAeans, but when I saw this in the Journal recently, I had to react. Can you pick out the problem?

Filed under Audit, Quote of the Weak

Tagged as accidental ignorant, antivirus, attacker, cisa, God, isaca, isaca journal, misconfigure, mistake, nanny camera, natural disaster, Quote of the Weak, risk factor, security risk assessment

by ITauditSecurity | March 1, 2010 · 8:20 am

Quote of the Weak (Children under 18)

During the Olympics, an advertisement for a medication for treating major depressive disorder (MDD) caught my attention. It aired appropriately after I became depressed that Apollo Ohno was disqualified in the speed skating short track:

Leave a comment

Filed under Audit, Humor/Irony, Quote of the Weak

Tagged as apollo ohno, children under 18, cymbalta, depression, disqualified, olympics, Quote of the Weak

by ITauditSecurity | February 16, 2010 · 8:35 am

Quote of the Weak (Special Characters)

While I realize many bloggers do “Quote of the Week,” it was Audit Monkey who gave me the idea. Here’s my very first quote: Who uses special characters in passwords? Nobody does that.

Leave a comment

Filed under Quote of the Weak, Security

Tagged as audit monkey, complexity, password, Quote of the Weak, special characters, what's the fuss

by ITauditSecurity | October 13, 2015 · 11:00 am

Quotes of the Weak (NOT)

Over the years, I think that Skyyler and I have penned some pretty funny lines. If you’re in the mood for some humor, read on and discover why these lines appeared in these posts. Usually, we were making a serious … Continue reading →

Filed under Audit, Humor/Irony, Quote of the Weak, Security, Technology, Written by Skyyler

Tagged as carcass, err, funny, nasty, quote, shredder, toenail, weak

by ITauditSecurity | August 23, 2010 · 6:28 am

Randomly Generate Weak Passwords

I was at a client’s site looking for more contract work when the manager of the department started telling me about their great IT security website on their Intranet. She clicks on their random generator password page and shows me … Continue reading →

Filed under Humor/Irony, Security, Security Scout

Tagged as generator, letter, number, password, policy, random, Security Scout, special character, strong, weak

by ITauditSecurity | February 25, 2010 · 10:10 am

Quote of the Strong (Get Permission)

Since I started Quote of the Weak, I haven’t heard that many good quotes we can share a chuckle over. So, in contrast, here’s a great quote of the strong:

Leave a comment

Filed under Audit, Security

Tagged as Chris Carboni, GOOJ, handler's diary, hash, permission, quote, sans, strong, weak

by ITauditSecurity | November 24, 2014 · 8:34 am

Bank’s Change Management Troubles

AuditMonkey has written about the Royal Bank of Scotland’s change management troubles.

Filed under Audit, Technology

Tagged as auditmonkey, bank of scotland, change management, computerweekly, failure, fine, IT, trouble, UK

by ITauditSecurity | September 23, 2013 · 6:00 am

Auditing is a Noble Profession

While commenting on AuditMonkey’s blog, I noted that because companies often don’t do the right thing, auditing is a noble profession. Mainly because we can right some of those wrongs. Then I said…

Leave a comment

Filed under Audit, Humor/Irony, Quote of the Weak

by ITauditSecurity | February 11, 2013 · 6:00 am

If Your Password Disappears, Look 4 it

If you enter a password into a login box and your password disappears, look for it! I’m serious, because it happened again today. Not to me, but to my colleague.

Leave a comment

Filed under Security, Security Scout

Tagged as active, change, chat, disappear, email, look, open, password, URL, window

by ITauditSecurity | March 12, 2012 · 7:00 am

Top 10 Reasons NOT to Virtualize

Trend Micro’s Dave Asprey has posted 10 reasons not to virtualize. I generally disagree with all of them (as I’ll explain later), but I think he missed the REAL #1 reason not to virtualize…

Leave a comment

Filed under Technology, Top 10

Tagged as 10, application, blog, chris chesley, cloud security, configure, cost, Dave Asprey, environment, expertise, manage, money, not, reasons, red flag, Security, smoke, top, trend micro, vendor, virtual

by ITauditSecurity | February 16, 2012 · 10:42 pm

How Virtualization Changes Audits

If you haven’t determined how server virtualization changes your audit plans, you better get moving. I’m not just talking about a virtualization audit (more on that later), but the audits that you typically do every year or on a multi-year … Continue reading →

Filed under Audit, How to..., Security, Technology

Tagged as access, admin, Audit, backup, change, citrix, configuration, disaster, ESX, expertise, guest, host, hyper-v, policy, recovery, risk, Security, server, snapshot, Unix, user, virtual, VMWare, Windows, Xen

by ITauditSecurity | September 3, 2011 · 9:07 am

SiteMap

Check out these categories to find posts that you’re interested in. ACL Audit Blogging CISACase Files Employment Free Free Download How to… Humor/Irony Scripting (ACL) Security Security Scope Security Scout Quote of the Weak Top 10 Uncategorized Popular Posts Teach … Continue reading →

Filed under

by ITauditSecurity | September 9, 2010 · 8:30 pm

Securing Virtual Servers

Here’s my take on the issues that I found with the following quote from SC Magazine (for more info, see Quote of the Weak (Securing Virtual Servers): We don’t treat the virtualization servers any different than the physical servers when it … Continue reading →

Leave a comment

Filed under Quote of the Weak, Security

Tagged as ethicalhacker, etsy, harden, machines, monitor, Quote of the Weak, risk, Security, server, servers, sprawl, traffic, virtual, VM, VMWare, vulnerability

by ITauditSecurity | August 23, 2010 · 7:33 pm

Last Call for Comments – Virtual Security

Here’s one last call for comments on Quote of the Weak (Securing Virtual Servers). Be the first one to dive in. Be the first on your block. Since no one has commented, does that mean 1) no one knows much about … Continue reading →

Leave a comment

Filed under Quote of the Weak, Security

by ITauditSecurity | March 31, 2010 · 7:16 am

Throw Password Rules Under the Bus?

I ran across Tom Olzak’s post where he quotes from an SANS article by Daniel Wesemann, Password rules: Change them every 25 years. I disagree with both of them on a few points. First, Olzak notes in his introductory paragraph … Continue reading →

Filed under Security

Tagged as 30 60 90, brute force, change, complex, daniel wesemann, encrypted, hashed, keylogger, passphrase, password, phishing, sans, sharing, shoulder surf, social engineering, strong, tom olzak, two-factor, write down

by ITauditSecurity | March 11, 2009 · 9:15 pm

About

Hi, welcome to my blog! Blog Focus This blog focuses on technology, information security, and IT audit, but certainly not in that order. Miscellaneous tangents will appear occasionally. My goals for this blog: Tackle audit and security issues, often from … Continue reading →

Filed under

by skyyleracl | May 22, 2018 · 6:45 am

Steal from Agile to Increase Audit Analytics

To increase the amount and depth of the analytics performed, steal some agile methods, and apply them to your audits. If you’re not familiar with agile methods, check out the first 5 topics listed here (just click Next at the … Continue reading →

Leave a comment

Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler

Tagged as agile, analytics, Audit, data, feedback, guidelines, iteration, lessons learned, linear, management, meeting, plan, problem, profiling, progress, schedule, stand-up, steal, summary, validation, value, waterfall

by skyyleracl | March 20, 2018 · 6:45 am

Create a Team for Audit Analytics? Part 3

In the previous post, Create a Team for Audit Analytics? Part 2, I explored the pros and cons of expecting all auditors to develop a level of data and analytic proficiency. These auditors would continue to do audit testing that involves … Continue reading →

Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler

Tagged as agile, analytics, Audit, cons, dedicated, department, everyone, flexible, growth, hybrid, increase, left behind, management, proficiency, pros, skills, team, virtual

by ITauditSecurity | August 29, 2017 · 7:45 am

Deleting ACL Table Covers A Multitude of Sins

I’m not sure why, but sometimes deleting an ACL table or two covers a multitude of sins, errors, or just plain weird behavior. No, I don’t get any error messages. That’s the strange part. I’m talking about strange ACL behavior … Continue reading →

Leave a comment

Filed under ACL, How to..., Scripting (ACL)

Tagged as acl, delete, error message, log, problem, restart, sin, table

by ITauditSecurity | March 21, 2017 · 11:00 am

How to get an IT Audit job with little or no experience

I get asked all the time, “How do I get a job in IT audit with little or no experience?” When Michael Onuoha asked me this question (see here), I thought I’d share my response with my readers. You’ll find these … Continue reading →

Filed under Audit, Certification, Employment, How to..., Technology

Tagged as big 4, cisa, experience, inexperienced, it auditor, project, volunteer

by ITauditSecurity | October 13, 2014 · 11:00 am

Data Center Failure: Going Behind Door #2

In my previous post, I described a data center failure that I discovered as the newly hired security manager of a prominent company. In this post, I describe my next adventure. NOTE: Some of the details below were changed a … Continue reading →

Filed under Case Files, Security, Security Scout

Tagged as ceiling, data center, drop, failure, mack was here, security manager, server, tape

by skyyleracl | August 11, 2014 · 11:00 am

ACL Error: Not all Fields Imported via Script

Recently, I ran an import script to import a delimited file into ACL, but the last 10 fields were not imported. And I didn’t know it right away, because I received no error message. In addition (or should I say, … Continue reading →

Filed under ACL, Scripting (ACL), Written by Skyyler

Tagged as acl, datetime, delimited, error, field, format, import, log, script

by ITauditSecurity | October 28, 2013 · 5:55 am

How to Perform Population Validation

Do you perform appropriate population validation of the data you rely on in an audit? Population validation is simply gaining confidence that the data you are using in your audit contains all the appropriate data for your audit objectives (e.g., … Continue reading →

Filed under Audit, How to...

Tagged as 5 whys, alter, comfort, confidence, data, duplicates, manipulate, observe, population, question, rely, SME, sox, spider sense, validate, validation

by skyyleracl | September 2, 2013 · 7:00 am

ACL: Edit Scripts Easily

As soon as you create an ACL script, you often have to add to it or edit it. There’s an easy way to do it.

Filed under ACL, Data Analytics, How to..., Scripting (ACL), Written by Skyyler

Tagged as as, easy, edit, export, extract, field, first, import, join, records, script, table, ten, width

by ITauditSecurity | January 7, 2013 · 6:00 am

Biggest Problem in Computer Security

What’s the biggest problem in computer security, according to valsmith at carnal0wnage.attackresearch.com? Well, it’s… Staffing. As the author admits, the post leans toward self-promotion of the company, but it makes many good points and deserves a read and a good … Continue reading →

Leave a comment

Filed under Audit, Security

Tagged as analyst, big 4, budget, certification, cisa, CISSP, compliance, computer, consultants, CPEs, data mining, demand, documentation, exam, exploit, IS, little 4, lone ranger, management, penetration, problem, sans, Security, skills, sox, supply, valsmith

by skyyleracl | February 17, 2012 · 7:00 am

ACL tip: Prefix Computed Fields with c_

It’s a best practice to prefix all computed fields with “c_” (e.g., c_Region) for the following reasons: 1) Computed fields are not original data, and you should always keep this in mind. You should scrutinize the values in computed fields … Continue reading →

Leave a comment

Filed under ACL, Data Analytics, Written by Skyyler