Search Results for: quote of the weak

Quote of the Weak – Clean Data Manually

If you are in IT, audit, or security (or any other job requiring data analysis), you should NOT be cleaning data manually. Let me share a recent experience with you…. A young IT auditor texted me at work and asked … Continue reading

2 Comments

Filed under Audit, Case Files, Data Analytics, Excel, How to..., Quote of the Weak, Security, Technology

Quote of the Weak: Cloud & Passwords

According to the following article, the cloud is safer because the cloud data center is bigger than yours and has better fences. Oh, and passwords need to be hard to use so that others can’t use them.

Filed under Quote of the Weak, Security, Technology

Quote of the Weak (Securing Virtual Servers)

When I read the following in SC Magazine, my brain identified and attempted to process so many issues at once that I experienced multiple memory and neural page faults and felt physical pain:

Filed under Quote of the Weak, Security

Quote of the Weak (Trojan=Password)

I’ve been absent from the blog lately due to a number of pressing projects, one of which was rebuilding a friend’s Windows XP box after a trojan massacre (and I thought only auditors stabbed the wounded — you should have seen … Continue reading

2 Comments

Filed under Quote of the Weak, Security

Quote of the Weak (Blueberries?)

I was at Menards getting ready for my new garden (see my other Menards adventure). As I was checking out, the cashier scanned a blueberry plant that was packaged in a large paper cup, with a small cluster of leaves … Continue reading

Filed under Quote of the Weak

Quote of the Weak (Unqualified Opinion)

Some people do not understand that both diamonds and the Internet are forever. I found this statement in a discussion on LinkedIn: I am excited about 2 interviews next week even though I’m not fully qualified for either one.

Filed under Employment, Humor/Irony, Quote of the Weak, Security

Updated: Quote of the Weak (Attacker’s Perspective)

Remember the quote about the “attacker’s perspective?” No one identified the issue in the original quote, but I described it in my update in the original post. Check it out.

Filed under Audit, Quote of the Weak

Quote of the Weak (Pass the control)

A colleague of mine is doing some testing for an audit director that changes her mind frequently on how to deal with audit findings. Occasionally, she is all about nailing control owners who do not have all their ducks groomed … Continue reading

Filed under Audit, Humor/Irony, Quote of the Weak

Quote of the Weak (Stab the Wounded)

A friend of mine heard this one and passed it on to me: Auditors are those who get to the battlefield after the war is over and stab the wounded.

2 Comments

Filed under Humor/Irony, Quote of the Weak

Quote of the Weak (Attacker’s Perspective)

I don’t like to pick bones with my fellow ISACAeans, but when I saw this in the Journal recently, I had to react. Can you pick out the problem?

4 Comments

Filed under Audit, Quote of the Weak

Quote of the Weak (Children under 18)

During the Olympics, an advertisement for a medication for treating major depressive disorder (MDD) caught my attention. It aired appropriately after I became depressed that Apollo Ohno was disqualified in the speed skating short track:

Filed under Audit, Humor/Irony, Quote of the Weak

Quote of the Weak (Special Characters)

While I realize many bloggers do “Quote of the Week,” it was Audit Monkey who gave me the idea. Here’s my very first quote: Who uses special characters in passwords? Nobody does that.

Filed under Quote of the Weak, Security

Quotes of the Weak (NOT)

Over the years, I think that Skyyler and I have penned some pretty funny lines. If you’re in the mood for some humor, read on and discover why these lines appeared in these posts. Usually, we were making a serious … Continue reading

8 Comments

Filed under Audit, Humor/Irony, Quote of the Weak, Security, Technology, Written by Skyyler

Randomly Generate Weak Passwords

I was at a client’s site looking for more contract work when the manager of the department started telling me about their great IT security website on their Intranet. She clicks on their random generator password page and shows me … Continue reading

4 Comments

Filed under Humor/Irony, Security, Security Scout

Quote of the Strong (Get Permission)

Since I started Quote of the Weak, I haven’t heard that many good quotes we can share a chuckle over. So, in contrast, here’s a great quote of the strong:

Filed under Audit, Security

Bank’s Change Management Troubles

AuditMonkey has written about the Royal Bank of Scotland’s change management troubles.

5 Comments

Filed under Audit, Technology

Auditing is a Noble Profession

While commenting on AuditMonkey’s blog, I noted that because companies often don’t do the right thing, auditing is a noble profession. Mainly because we can right some of those wrongs. Then I said…

Filed under Audit, Humor/Irony, Quote of the Weak

If Your Password Disappears, Look 4 it

If you enter a password into a login box and your password disappears, look for it! I’m serious, because it happened again today. Not to me, but to my colleague.

Filed under Security, Security Scout

Top 10 Reasons NOT to Virtualize

Trend Micro’s Dave Asprey has posted 10 reasons not to virtualize. I generally disagree with all of them (as I’ll explain later), but I think he missed the REAL #1 reason not to virtualize…

Filed under Technology, Top 10

How Virtualization Changes Audits

If you haven’t determined how server virtualization changes your audit plans, you better get moving. I’m not just talking about a virtualization audit (more on that later), but the audits that you typically do every year or on a multi-year … Continue reading

2 Comments

Filed under Audit, How to..., Security, Technology

SiteMap

Check out these categories to find posts that you’re interested in. ACL Audit Blogging CISA Case Files Employment Free Free Download How to… Humor/Irony Scripting (ACL) Security Security Scope Security Scout Quote of the Weak Top 10 Uncategorized Popular Posts Teach … Continue reading

3 Comments

Securing Virtual Servers

Here’s my take on the issues that I found with the following quote from SC Magazine (for more info, see Quote of the Weak (Securing Virtual Servers)): We don’t treat the virtualization servers any different than the physical servers when it … Continue reading

Filed under Quote of the Weak, Security

Last Call for Comments – Virtual Security

Here’s one last call for comments on Quote of the Weak (Securing Virtual Servers). Be the first one to dive in. Be the first on your block. Since no one has commented, does that mean 1) no one knows much about … Continue reading

Filed under Quote of the Weak, Security

Throw Password Rules Under the Bus?

I ran across Tom Olzak’s post where he quotes from a SANS article by Daniel Wesemann, Password rules: Change them every 25 years. I disagree with both of them on a few points. First, Olzak notes in his introductory paragraph … Continue reading

2 Comments

Filed under Security

About

Hi, welcome to my blog! Blog Focus This blog focuses on technology, information security, and IT audit, but certainly not in that order. Miscellaneous tangents will appear occasionally. My goals for this blog: Tackle audit and security issues, often from … Continue reading

45 Comments

Steal from Agile to Increase Audit Analytics

To increase the amount and depth of the analytics performed, steal some agile methods, and apply them to your audits. If you’re not familiar with agile methods, check out the first 5 topics listed here (just click Next at the … Continue reading

Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler

Create a Team for Audit Analytics? Part 3

In the previous post, Create a Team for Audit Analytics? Part 2, I explored the pros and cons of expecting all auditors to develop a level of data and analytic proficiency. These auditors would continue to do audit testing that involves … Continue reading

7 Comments

Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler

Deleting ACL Table Covers A Multitude of Sins

I’m not sure why, but sometimes deleting an ACL table or two covers a multitude of sins, errors, or just plain weird behavior. No, I don’t get any error messages. That’s the strange part. I’m talking about strange ACL behavior … Continue reading

Filed under ACL, How to..., Scripting (ACL)

How to get an IT Audit job with little or no experience

I get asked all the time, “How do I get a job in IT audit with little or no experience?” When Michael Onuoha asked me this question (see here), I thought I’d share my response with my readers. You’ll find these … Continue reading

26 Comments

Filed under Audit, Certification, Employment, How to..., Technology

Data Center Failure: Going Behind Door #2

In my previous post, I described a data center failure that I discovered as the newly hired security manager of a prominent company. In this post, I describe my next adventure. NOTE: Some of the details below were changed a … Continue reading

1 Comment

Filed under Case Files, Security, Security Scout

ACL Error: Not all Fields Imported via Script

Recently, I ran an import script to import a delimited file into ACL, but the last 10 fields were not imported. And I didn’t know it right away, because I received no error message. In addition (or should I say, … Continue reading

3 Comments

Filed under ACL, Scripting (ACL), Written by Skyyler

How to Perform Population Validation

Do you perform appropriate population validation of the data you rely on in an audit? Population validation is simply gaining confidence that the data you are using in your audit contains all the appropriate data for your audit objectives (e.g., … Continue reading

9 Comments

Filed under Audit, How to...

ACL: Edit Scripts Easily

As soon as you create an ACL script, you often have to add to it or edit it. There’s an easy way to do it.

6 Comments

Filed under ACL, Data Analytics, How to..., Scripting (ACL), Written by Skyyler

Biggest Problem in Computer Security

What’s the biggest problem in computer security, according to valsmith at carnal0wnage.attackresearch.com? Well, it’s… Staffing. As the author admits, the post leans toward self-promotion of the company, but it makes many good points and deserves a read and a good … Continue reading

Filed under Audit, Security

ACL tip: Prefix Computed Fields with c_

It’s a best practice to prefix all computed fields with “c_” (e.g., c_Region) for the following reasons: 1) Computed fields are not original data, and you should always keep this in mind. You should scrutinize the values in computed fields … Continue reading

Filed under ACL, Data Analytics, Written by Skyyler