Search Results for: quote of the weak
Quote of the Weak – Auditor Judgment
We recently acquired a new data analysis tool in our department, which prompted some of our newbie auditors to share their misunderstanding of auditor judgment and basic data analysis. A group of less experienced and newer auditors were selected to … Continue reading
Filed under Audit, Data Analytics, Humor/Irony, Quote of the Weak, Technology
Quote of the Weak – Clean Data Manually
If you are in IT, audit, or security (or any other job requiring data analysis), you should NOT be cleaning data manually. Let me share a recent experience with you…. A young IT auditor texted me at work and asked … Continue reading
Filed under Audit, Case Files, Data Analytics, Excel, How to..., Quote of the Weak, Security, Technology
Quote of the Weak: Cloud & Passwords
According to the following article, the cloud is safer because the cloud data center is bigger than yours and has better fences. Oh, and passwords need to be hard to use so that others can’t use them.
Filed under Quote of the Weak, Security, Technology
Quote of the Weak (Securing Virtual Servers)
When I read the following in SC Magazine, my brain identified and attempted to process so many issues at once that I experienced multiple memory and neural page faults and felt physical pain:
Filed under Quote of the Weak, Security
Quote of the Weak (Trojan=Password)
I’ve been absent from the blog lately due to a number of pressing projects, one of which was rebuilding a friend’s Windows XP box after a trojan massacre (and I thought only auditors stabbed the wounded — you should have seen … Continue reading
Filed under Quote of the Weak, Security
Quote of the Weak (Blueberries?)
I was at Menards getting ready for my new garden (see my other Menards adventure). As I was checking out, the cashier scanned a blueberry plant that was packaged in a large paper cup, with a small cluster of leaves … Continue reading
Filed under Quote of the Weak
Quote of the Weak (Unqualified Opinion)
Some people do not understand that both diamonds and the Internet are forever. I found this statement in a discussion on LinkedIn: I am excited about 2 interviews next week even though I’m not fully qualified for either one.
Filed under Employment, Humor/Irony, Quote of the Weak, Security
Updated: Quote of the Weak (Attacker’s Perspective)
Remember the quote about the “attacker’s perspective?” No one identified the issue in the original quote, but I described it in my update in the original post. Check it out.
Filed under Audit, Quote of the Weak
Quote of the Weak (Pass the control)
A colleague of mine is doing some testing for an audit director that changes her mind frequently on how to deal with audit findings. Occasionally, she is all about nailing control owners who do not have all their ducks groomed … Continue reading
Filed under Audit, Humor/Irony, Quote of the Weak
Quote of the Weak (Stab the Wounded)
A friend of mine heard this one and passed it on to me: Auditors are those who get to the battlefield after the war is over and stab the wounded.
Filed under Humor/Irony, Quote of the Weak
Quote of the Weak (Attacker’s Perspective)
I don’t like to pick bones with my fellow ISACAeans, but when I saw this in the Journal recently, I had to react. Can you pick out the problem?
Filed under Audit, Quote of the Weak
Quote of the Weak (Children under 18)
During the Olympics, an advertisement for a medication for treating major depressive disorder (MDD) caught my attention. It aired appropriately after I became depressed that Apollo Ohno was disqualified in the speed skating short track:
Filed under Audit, Humor/Irony, Quote of the Weak
Quote of the Weak (Special Characters)
While I realize many bloggers do “Quote of the Week,” it was Audit Monkey who gave me the idea. Here’s my very first quote: Who uses special characters in passwords? Nobody does that.
Filed under Quote of the Weak, Security
Quotes of the Weak (NOT)
Over the years, I think that Skyyler and I have penned some pretty funny lines. If you’re in the mood for some humor, read on and discover why these lines appeared in these posts. Usually, we were making a serious … Continue reading
Filed under Audit, Humor/Irony, Quote of the Weak, Security, Technology, Written by Skyyler
Randomly Generate Weak Passwords
I was at a client’s site looking for more contract work when the manager of the department started telling me about their great IT security website on their Intranet. She clicks on their random generator password page and shows me … Continue reading
Filed under Humor/Irony, Security, Security Scout
Bank’s Change Management Troubles
AuditMonkey has written about the Royal Bank of Scotland’s change management troubles.
Filed under Audit, Technology
Auditing is a Noble Profession
While commenting on AuditMonkey’s blog, I noted that because companies often don’t do the right thing, auditing is a noble profession. Mainly because we can right some of those wrongs. Then I said…
Filed under Audit, Humor/Irony, Quote of the Weak
If Your Password Disappears, Look 4 it
If you enter a password into a login box and your password disappears, look for it! I’m serious, because it happened again today. Not to me, but to my colleague.
Filed under Security, Security Scout
Top 10 Reasons NOT to Virtualize
Trend Micro’s Dave Asprey has posted 10 reasons not to virtualize. I generally disagree with all of them (as I’ll explain later), but I think he missed the REAL #1 reason not to virtualize…
Filed under Technology, Top 10
How Virtualization Changes Audits
If you haven’t determined how server virtualization changes your audit plans, you better get moving. I’m not just talking about a virtualization audit (more on that later), but the audits that you typically do every year or on a multi-year … Continue reading
Filed under Audit, How to..., Security, Technology
SiteMap
Check out these categories to find posts that you’re interested in. ACL, Audit, Blogging, CISA, Case Files, Employment, Free, Free Download, How to…, Humor/Irony, Scripting (ACL), Security, Security Scope, Security Scout, Quote of the Weak, Top 10, Uncategorized. Popular Posts Teach … Continue reading
Securing Virtual Servers
Here’s my take on the issues that I found with the following quote from SC Magazine (for more info, see Quote of the Weak (Securing Virtual Servers)): We don’t treat the virtualization servers any different than the physical servers when it … Continue reading
Filed under Quote of the Weak, Security
Last Call for Comments – Virtual Security
Here’s one last call for comments on Quote of the Weak (Securing Virtual Servers). Be the first one to dive in. Be the first on your block. Since no one has commented, does that mean 1) no one knows much about … Continue reading
Filed under Quote of the Weak, Security
Throw Password Rules Under the Bus?
I ran across Tom Olzak’s post where he quotes from a SANS article by Daniel Wesemann, Password rules: Change them every 25 years. I disagree with both of them on a few points. First, Olzak notes in his introductory paragraph … Continue reading
Filed under Security
About
Hi, welcome to my blog! Blog Focus: This blog focuses on technology, information security, and IT audit, but certainly not in that order. Miscellaneous tangents will appear occasionally. My goals for this blog: Tackle audit and security issues, often from … Continue reading
Steal from Agile to Increase Audit Analytics
To increase the amount and depth of the analytics performed, steal some agile methods, and apply them to your audits. If you’re not familiar with agile methods, check out the first 5 topics listed here (just click Next at the … Continue reading
Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler
Create a Team for Audit Analytics? Part 3
In the previous post, Create a Team for Audit Analytics? Part 2, I explored the pros and cons of expecting all auditors to develop a level of data and analytic proficiency. These auditors would continue to do audit testing that involves … Continue reading
Filed under Audit, Data Analytics, How to..., Technology, Written by Skyyler
How to get an IT Audit job with little or no experience
I get asked all the time, “How do I get a job in IT audit with little or no experience?” When Michael Onuoha asked me this question (see here), I thought I’d share my response with my readers. You’ll find these … Continue reading
Filed under Audit, Certification, Employment, How to..., Technology
Data Center Failure: Going Behind Door #2
In my previous post, I described a data center failure that I discovered as the newly hired security manager of a prominent company. In this post, I describe my next adventure. NOTE: Some of the details below were changed a … Continue reading
Filed under Case Files, Security, Security Scout
ACL Error: Not all Fields Imported via Script
Recently, I ran an import script to import a delimited file into ACL, but the last 10 fields were not imported. And I didn’t know it right away, because I received no error message. In addition (or should I say, … Continue reading
Filed under ACL, Scripting (ACL), Written by Skyyler
How to Perform Population Validation
Do you perform appropriate population validation of the data you rely on in an audit? Population validation is simply gaining confidence that the data you are using in your audit contains all the appropriate data for your audit objectives (e.g., … Continue reading
ACL: Edit Scripts Easily
As soon as you create an ACL script, you often have to add to it or edit it. There’s an easy way to do it.
Filed under ACL, Data Analytics, How to..., Scripting (ACL), Written by Skyyler
Biggest Problem in Computer Security
What’s the biggest problem in computer security, according to valsmith at carnal0wnage.attackresearch.com? Well, it’s… Staffing. As the author admits, the post leans toward self-promotion of the company, but it makes many good points and deserves a read and a good … Continue reading