Category Archives: Free

My Favorite ACL Tricks

Here’s a couple of my favorite ACL tricks & treats that I use frequently to get me through the day a little faster and a little less frustrated.

These tricks are the kind that they don’t teach you in class or in tutorials (at least I’ve never learned any of them there; maybe I was in the bathroom during that session); I either figured them out on my own or had someone say, “Let me show you something.”


The Command Line

When I train someone in ACL, the command line is one of the first bonus items to which I draw their attention. The command line allows you to run individual ACL commands without using the ACL menu or scripts.

To open the command line: in the menu bar, click Window, Command Line. This will appear:

You can run most ACL commands from the command line, such as OPEN a table, ASSIGN a variable value, and lots more (the commands can be entered in lower/upper/camel case, but I use uppercase in this post to help them stand out).

My 2 most frequently used command are listed below.

DISPLAY – list the fields in a table, along with their start position, length, and more.

To run this command, 1) open the table you want to run this command against, and 2) enter the command in yellow in the command line, and press Enter.

Note that the last line shows you a computed field and the formula behind it.

DISPLAY VARIABLES – list all currently active variables, their type/format, and their values.

To run the following command, just enter it in the command line, and press Enter.

Note that user-defined variables (v_record and v_table) are shown, along with system variables (OUTPUTFOLDER and WRITE1). If you’re not familiar with ACL system variables, look them up in the ACL help file (it will be worth your time).

Note that 2 of the variables are character (C) type and 2 are numeric (N).

This command is extremely helpful when you are troubleshooting variables.

Bonus: Instead of DISPLAY, you can type DIS; instead of DISPLAY VARIABLES, you can type DIS VAR. Much shorter!

Bonus #2: Another useful use of the command line is to enter variable values. For example, if you have a NOTIFY command at the end of a script that will send an email if v_Run_Notify = “Y”, you can enter v_Run_Notify = “N” in the command line and press Enter to change the variable value and prevent the NOTIFY command from running while you test changes to your script.

Open a Table You Can’t Find

Sometimes I can’t find a table because I don’t remember (or know) which ACL folder it is hiding in (the folder in your project, not a Windows folder on your hard drive).

If you know the name of the table, you can just type OPEN <tablename> and press Enter (where <tablename> is the name of the table you want to open). When I don’t remember the table name or I’m too lazy to type it out, I copy the name from the ACL log or a script that uses it, and copy it to the command line.

When the table opens, you can then see what folder the table was hiding in (the folder is not shown in screenshot below).

Clear the Command Line

When you use the command line a lot, you have to clear it before entering another command. Instead of backspacing and deleting the text, or highlighting and deleting the text, just click the X at the far right.

Likewise, instead of pressing Enter after entering a command, you can click the checkmark.

Table History

When you’re working on a big project that contains many different tables, sometimes it’s hard to remember how that table was created. Or you haven’t opened the ACL project in a while, or you have to troubleshoot or review a project someone else created.

So what table(s) were used to create that table, and what filters/joins were used to create it? How many records did the original table contain?

I used to hunt through the ACL log or the scripts to find all that info, but for the most part, it’s all in the table history.

To access a table’s history, 1) open the table you’re interested in, and 2) from the menu bar, select Tools, Table History. You’ll see something like this:

The first line shows the original table (PcardTransactions) and the FILTER used. The second line shows the filtered data (all fields) was extracted to a new table (PCardUSA).

The third line shows number of records in the original table (Input) and the fourth line shows the number of resulting records (Output) in the extracted table.

If a JOIN was used, the table history would list the primary and secondary tables as well as the JOIN command parameters used.

The other nice thing is that you can take a screenshot of the table history and use it for documentation or evidence.

Bonus: Instead of selecting Tools, History from the menu, you can type DIS HIS in the command line, and press ENTER. Same results!

If you have some ACL tricks up your sleeve, let me know.

5 Comments

Filed under ACL, Audit, Data Analytics, Free, How to..., Scripting (ACL)

How to get a Data Science job with little or no experience

data scientistWhen you’re trying to get a data science job, you need experience, but to get experience, you need a job, right? Not always, and this is the case for many jobs, not just data science.

But in data science, you can generate the experience you need yourself.

You might have seen one of my earlier posts, How to get an IT Audit job with little or no experience. Let me say from the beginning that getting an IT audit job with no experience is easier than a data science job with no experience. But according to an article from KDnuggets, it can be done. And like everything else, it takes hard work.

The article defines data science as “an interdisciplinary field that focuses on solving problems and gathering information.” 

Continue reading

Leave a comment

Filed under Audit, Blogging, Data Analytics, Data Science, Employment, Free, How to..., Technology

Job Automation Quiz

automation quiz

Test how much you know about automation technologies by taking the job automation quiz at Financial Management magazine.

Continue reading

Leave a comment

Filed under Audit, Free, Security, Technology

FREE Fraud Investigation Quiz

Quiz yourself to discover how much you know about fraud investigations.free quiz

While you may not be tasked with leading an investigation, you might need to work with those working on such an investigation. Either way, do you know the basics?

This quick, 5-question quiz from the Journal of Accountancy will indicate what you know AND what you don’t. And whether you get each answer right or wrong, the answers provide additional information. Continue reading

4 Comments

Filed under Audit, fraud, Free

Real Auditors Use Excel PowerPivot

powerpivot iconIf you’re an auditor and you are not yet using Excel PowerPivot, you are missing the next greatest thing since spreadsheets arrived.

If you are NOT an auditor, and you don’t use PowerPivot, you’re in the same boat with the auditors mentioned above, and it is sinking.

In other words, if you use Excel, you should be learning Excel PowerPivot. It’s that big.

Let me explain why.

NOTE: I updated this post quite a bit with new info…

Continue reading

13 Comments

Filed under Audit, Data Analytics, Excel, Free, Technology

Auditors, Do Data Analytics or Die

If you’re an auditor, you need data analytic skills or you will die.

Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.

Pretty bold statement, isn’t it?

Continue reading

10 Comments

Filed under Audit, Data Analytics, Employment, Free, Technology, Written by Skyyler

New IT Auditors Should Start Here

new-auditorIf you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.

These posts will:

  1. Provide basic information regarding IT audit and security and links to other sources.
  2. Help you avoid some of the hidden pitfalls that control owners and auditors face.
  3. Give you ideas and approaches for some common and uncommon audits.
  4. Give you a few chuckles.

If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.

Continue reading

15 Comments

Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology

Safely Check Bad URLs

If you’re looking for a way to safely check URLs for bad content, Lenny Zeltser had a great list of free online tools for you.

Continue reading

Leave a comment

Filed under Free, How to..., Security, Technology

Excel: Basic Data Analytics

basic data analytics1Here’s a list of my basic data analytic procedures for Excel.

As I add more posts to the series, I’ll update this list.

I created this series because:

1) I often get asked by new AND EXPERIENCED auditors how to do these tasks,

2) when I review workpapers, I realize too many auditors are not aware of these functions,

Continue reading

26 Comments

Filed under Audit, Data Analytics, Free, How to..., Security

Free CISSP Review Material, Practice Exams

I just found some more FREE CISSP review material and practice exams. One exam is 100 questions, the other 250.

Continue reading

6 Comments

Filed under Certification, Free, Free Download, Security

Review of ACL Excel Add-in, Now FREE! (NOT)

In case you missed it, ACL released the next version of their Acerno product, renamed it ACL Excel Add-in, and made it FREE!  2021 UPDATE – it doesn’t look like it’s free any more; requires ACL subscription.

UPDATE – I’m guessing that since this product never caught on, they only give it away to subscribers – go figure.

So I thought I’d update my review.

For my original review of Acerno, see A Review of ACL Acerno. It still seems that I’m the only one who ever took the time to review the product (versus marketing blurbs, which are all over the ‘net), which appears to be a statement regarding its popularity.

Despite the poor popularity, since they updated it AND made it free, I decided to dive in for another look.

Note: This add-in is not just for auditors! Any one who regularly reviews data should consider using this simple, EASY-to-use software.

Please take the new & improved poll at the bottom of this post (also free).

Continue reading

4 Comments

Filed under ACL, Audit, Data Analytics, Excel, Free, Free Download

FREE Frank (Catch Me If You Can) Abagnale video

pan am pilot frank abagnale catch me if you canFrank Abagnale, the real-life con artist depicted in the Catch Me if You Can movie, talks about his life as a fraudster in a free video.

Back in the 1960s, Abagnale posed as an Pan Am airline pilot, a pediatrician, an FBI agent, and a lawyer. He was a master at conning people and passing bad checks. He even conned his dad (see ‘First Con’ heading).

Continue reading

2 Comments

Filed under Audit, Free, Security

Free File-Splitter Program

Splits text filesWhen I ‘m trying to work with text files that are so big I can’t even open them with programs like Excel, Notepad, or PSPad, I reach for the FREE file-splitter program.

Continue reading

5 Comments

Filed under Audit, Free, How to..., Technology, Written by Skyyler

FREE Global Security Resource Guide

ISC2.org, the organization that grants the CISSP certification, has a great, online, FREE global security resource guide.

No membership, certification, or log-in required!

Update 1-11-14: See Kim White’s comment below about availability of this resource. If it is made public, I will link to the new version. The “remove this post now” comment makes me wonder if it’s coming back for public consumption*. – Mack

Continue reading

2 Comments

Filed under Audit, Free, Security

Free CISA Prep: Self-Assessment Exam

cisa study guide, tipsIf you’re planning to take the CISA exam, you need to take ISACA‘s own CISA Self-Assessment exam (get it here).

The exam consists of 50 questions that allow exam candidates to “assess their knowledge of the CISA job practice areas and determine in which information security areas they may have strengths and weaknesses.”

Continue reading

2 Comments

Filed under Audit, Certification, Free, Security

ACL: How to Create Your Own Scripts

Creating scripts (and editing them) is not as hard as many of you believe them to be.

Sure, it takes practice and time to learn the basics, but YOU can do it.

If you don’t learn scripting, you are NOT using ACL to it’s fullest, nor are you making the best use of your time.

Continue reading

5 Comments

Filed under ACL, Data Analytics, Free, Free Download, Scripting (ACL), Written by Skyyler

FREE Infosec & Web Pentesting Education

Security Monkey posted that PentesterLab has some great resources that provide training on pentesting, like:
  • Basics of Web
  • Basics of HTTP
  • Detection of common web vulnerabilities:
  • Basics of fingerprinting
  • and more! (like Linux Host Review)

Continue reading

Leave a comment

Filed under Audit, Free, Free Download, Security

FREE CISA Glossary

cisa study guide, tipsISACA has a free glossary of IT, audit, and security terms that is not only helpful in studying for the CISA exam, but is a good reference guide for new and experienced auditors.

Continue reading

3 Comments

Filed under Audit, Free, Security, Technology

ACL: How to Add a Computed Field

If you’ve been wondering how to add a computed field to an existing ACL table, you’re at the right place. I’ll take you through it step-by-step.

In ACL tip: What is a Computed Field?, I defined computed fields and provided 2 examples. I suggest you read that post before you dive into this one.

That post also explains expressions and functions, which you need to understand when creating computed fields. Both that post and this one are long ones, complete with graphics. You might want to print them both out first…

In this post, I’ll show you how to add the c_Region field that is described in the computed field post. It’s not as hard as it looks.

Continue reading

18 Comments

Filed under ACL, Data Analytics, Free, Free Download, How to..., Written by Skyyler

PSPad: Great Text File Audit Tool

PSPad is a great text editor and search tool, so by default, it’s a great audit tool, and it’s free. It can also handle a million lines of text–literally. Are you interested yet? It is also a great file diff/compare tool I’ve ever seen.

PSPad works with text files, such as those ending in TXT or CSV, or any text-based file (like an ini file). It works with DOC files too.

I’ll explain how to do the following with PSPad:

  • Search a file (find all lines containing X)
  • List all occurrences/matches of a search term
  • Export a list of occurrences
  • Compare 2 documents (diff)
  • Download & install PSPad

Continue reading

Leave a comment

Filed under Audit, Free, How to..., Security

Application Hacking Playground

handcuffsThe Taddong Security Blog has a great list of vulnerable web applications you can play with to learn and test your web hacking knowledge and pen-testing tools, handcuffs not included. In other words, you can enter and stay at the playground without going to jail.

Some of them you download and install on your own systems, some of them you run as virtual machines (VMs) or ISOs on your systems, and others are available on the web for your malfeasance pleasure.

Continue reading

2 Comments

Filed under Free, Security

LinkedIn Hack: Don’t Just Change Password, Reconfigure

LinkedIn Hacked

We all know that LinkedIn was hacked and lost at least 6.5 million hashed passwords, or at least that’s how many were was posted. Besides changing passwords, is anyone thinking about their LinkedIn lock-down/security settings? What about other social media? See further below instructions for locking down LinkedIn, Facebook, Twitter, and Google+.

Continue reading

3 Comments

Filed under Free, Security

FREE CISA Study Guide

cisa study guide, tipsWhen I was studying for the CISA, I created a 40-page study guide for myself that you can download for free.

If you decide to use it, here’s a couple points to keep in mind:

Continue reading

70 Comments

Filed under Audit, Certification, Free, Technology

Master List of ACL Articles and Tips

To make these posts easier to find (and link to), here’s a list of all the ACL posts on this blog in alphabetical order, and by most popular.
I’ll add other posts as they are written.

Continue reading

4 Comments

Filed under ACL, Audit, Data Analytics, Excel, Free, How to..., Scripting (ACL), Technology, Top 10

Free ACL Bootcamp Training – from ACL!

ACL is offering FREE training as part of their bootcamp series, which started in September 2011. The training consists of a video presentation that includes ACL demos. The best part is that you do NOT have to be a current ACL customer or even have a copy of ACL.

The purpose of the series, according to ACL, is to teach basic skills and deal with common problems that ACL users encounter. Each session lasts about 30-40 minutes, followed by a Q&A session. The bootcamp is led by Shane Grimm (see his blog comment here).

Continue reading

1 Comment

Filed under ACL, Audit, Data Analytics, Free

Web Hacking 101

If you want to learn about web hacking, Security Monkey* highlights 2 videos and 2 books on the subject.  The videos are very basic and over an hour long, and are free for the viewing.

The videos were presented by Dan Guido at Polytechnic Institute of New York University, a private technology university in Brooklyn, New York.

Continue reading

Leave a comment

Filed under Free, Security, Technology

Get FREE Audit Work Plans at AuditNet

If you’re looking for FREE audit work plans, AuditNet.org is probably your best bet.

You can get a free account that allows you to access a limited number of work plans, usually basic ones. A premium account gives you access to all content . See their Subscription Plans for more info, and note that they call work plans ‘audit templates’.

If you have an ACL support agreement, you may be able to access AuditNet for FREE!

Last time I looked, over 100 work plans were free, and a total of 2600 were available.

Continue reading

7 Comments

Filed under ACL, Audit, Free, How to..., Security

Free CEH/Shon Harris Videos

Shon Harris is offering FREE Certified Ethical Hacking (CEH) videos for online viewing. According to Harris, all the videos together are over 25 hours long.

The videos are listed below and can be viewed at www.logicalsecurity.com/resources/resources_videos.html.

So what’s the catch? Make sure you read this entire post before you leap!

Leave a comment

Filed under Audit, Free, How to..., Security

Free/Cheap Monitoring Tools (SANS)

In case you missed it, the Internet Storm Center had a great post the other day, asking readers:

Continue reading

Leave a comment

Filed under Free, Security

IT Policy & PCI Compliance for Dummies Ebooks

Here’s 2 more free Dummies ebooks from Qualys. Registration required. Must be a lot of dummies out there…

Other free Dummies books.

Leave a comment

Filed under Audit, Free, How to..., Security

Free Vulnerability Management for Dummies Ebook

Here’s another one. Register and download from Qualys here.

Other free Dummies books.

Leave a comment

Filed under Free, How to..., Security

Great Security Cheatsheets (Free)

Lenny Zeltser not only created some great security cheatsheets, he compiled a list of some good reference guides developed by others.

Why should you trust his FREE cheatsheets? Lenny leads a security consulting practice, teaches malware analysis, explores security topics at conferences and in articles, and volunteers as an incident handler at the Internet Storm Center.

So whether you want to learn more about specific security practices or just have a quick reference, you’ll want these cheatsheets.

Continue reading

Leave a comment

Filed under Audit, Free, How to..., Security

Free PIX Firewall Checker

Matasano Security has released an upgrade to Flint, a FREE web application that examines firewall configurations. “Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.”

According to Matasano, once you upload a firewall configuration, Flint:

Continue reading

Leave a comment

Filed under Free, Security

Free Data Backup for Dummies Ebook

Ready for another free Dummies ebook? Now you can register for and download a free copy of Data Backup Dummies.

According to i365 (formerly EVault), the ebook describes how to:

Continue reading

1 Comment

Filed under Free, How to..., Security

Free Data Leakage for Dummies Ebook

If you hurry (limited time offer), you can register for and download a free copy of Data Leakage for Dummies from Sophos.

Continue reading

Leave a comment

Filed under Free, How to..., Security

Free ACL Benford’s Law Training (Online)

I found a website where a group from the Business School of the University of Colorado Denver is offering free online training for ACL running Benford’s Law analysis on data.

This training was offerred for a limited time and has been discontinued. Free training does still exist (but not on Benford), so see my posts regarding  Free ACL Bootcamp Training and ACL Tutorials on YouTube. Also check out the most popular post on this blog, Teach Yourself ACL.

You have to have a copy of ACL (for more info, see Teach Yourself ACL), but otherwise it’s free. The group is doing a study (learning techniques?) and are offering the training for a limited time (at least until the end of February 2010).

Continue reading

4 Comments

Filed under ACL, Audit, Data Analytics, Free

My Favorite Windows Software

In Top 100 Network Security Tools and Easy Windows Scanner, I described a few Windows tools that every auditor or security analyst should know or know about. In this post, I highlight some of my other favorite Windows tools (both security and general utility software). ALL OF THEM ARE FREE.

12/26/14 Update: These are STILL my favorite programs. The only one I don’t use anymore is CutePDF Writer,  which I replaced with the FREE Sumntra PDF  Foxit Reader (I no longer recommend FOXit). But if you only want a PDF printer, CutePDF is still a great solution.

I also added 2 new tools: PSPad and File Splitter (see my links at the bottom).

Continue reading

2 Comments

Filed under Audit, Free, How to..., Security, Technology

Free Email Archiving for Dummies Ebook

Mimosa Systems, the company that created a robust email archive solution for Exchange and Sharepoint, is offering a free ebook (for Dummies) on email archiving.

The ebook describes the retention requirements that companies are subject to. If your company sells to the federal government, you especially need to be aware of these requirements. I’d also recommend reading this ebook if you thinking of moving to Exchange.

Continue reading

Leave a comment

Filed under Free, How to..., Security

Teach Yourself ACL

You can teach yourself how to use Audit Command Language (ACL), the data analytics software from www.highbond.com. ACL is used by internal auditors and others to:

Continue reading

44 Comments

Filed under ACL, Audit, Data Analytics, Free, Free Download, How to..., Scripting (ACL), Technology, Written by Skyyler

Fun CPEs for CISSPs

Don Donzal, who created www.ethicalhacker.net and ChicagoCon (link now appears defunct), lists 10 ways for CISSPs to earn CPEs (Continuing Professional Education credits) and having fun doing it. Check out his entire article here. He wrote it in 2005, but it hasn’t aged much.

NOTE: I crossed through some of the links to now-defunct sites….remember, this was written in 2009….

Continue reading

1 Comment

Filed under Free, Security