Test how much you know about automation technologies by taking the job automation quiz at Financial Management magazine.
Category Archives: Free
While you may not be tasked with leading an investigation, you might need to work with those working on such an investigation. Either way, do you know the basics?
This quick, 5-question quiz from the Journal of Accountancy will indicate what you know AND what you don’t. And whether you get each answer right or wrong, the answers provide additional information. Continue reading
If you are NOT an auditor, and you don’t use PowerPivot, you’re in the same boat with the auditors mentioned above, and it is sinking.
In other words, if you use Excel, you should be learning Excel PowerPivot. It’s that big.
Let me explain why.
NOTE: I updated this post quite a bit with new info…
Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.
Pretty bold statement, isn’t it?
If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.
These posts will:
- Provide basic information regarding IT audit and security and links to other sources.
- Help you avoid some of the hidden pitfalls that control owners and auditors face.
- Give you ideas and approaches for some common and uncommon audits.
- Give you a few chuckles.
If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.
As I add more posts to the series, I’ll update this list.
I created this series because:
1) I often get asked by new AND EXPERIENCED auditors how to do these tasks,
2) when I review workpapers, I realize too many auditors are not aware of these functions,
I just found some more FREE CISSP review material and practice exams. One exam is 100 questions, the other 250.
Back in the 1960s, Abagnale posed as an Pan Am airline pilot, a pediatrician, an FBI agent, and a lawyer. He was a master at conning people and passing bad checks. He even conned his dad (see ‘First Con’ heading).
If you’re planning to take the CISA exam, you need to take ISACA‘s own CISA Self-Assessment exam (get it here).
The exam consists of 50 questions that allow exam candidates to “assess their knowledge of the CISA job practice areas and determine in which information security areas they may have strengths and weaknesses.”
Creating scripts (and editing them) is not as hard as many of you believe them to be.
Sure, it takes practice and time to learn the basics, but YOU can do it.
If you don’t learn scripting, you are NOT using ACL to it’s fullest, nor are you making the best use of your time.
- Basics of Web
- Basics of HTTP
- Detection of common web vulnerabilities:
- Basics of fingerprinting
- and more! (like Linux Host Review)
If you’ve been wondering how to add a computed field to an existing ACL table, you’re at the right place. I’ll take you through it step-by-step.
In ACL tip: What is a Computed Field?, I defined computed fields and provided 2 examples. I suggest you read that post before you dive into this one.
That post also explains expressions and functions, which you need to understand when creating computed fields. Both that post and this one are long ones, complete with graphics. You might want to print them both out first…
In this post, I’ll show you how to add the c_Region field that is described in the computed field post. It’s not as hard as it looks.
PSPad is a great text editor and search tool, so by default, it’s a great audit tool, and it’s free. It can also handle a million lines of text–literally. Are you interested yet? It is also a great file diff/compare tool I’ve ever seen.
PSPad works with text files, such as those ending in TXT or CSV, or any text-based file (like an ini file). It works with DOC files too.
I’ll explain how to do the following with PSPad:
- Search a file (find all lines containing X)
- List all occurrences/matches of a search term
- Export a list of occurrences
- Compare 2 documents (diff)
- Download & install PSPad
The Taddong Security Blog has a great list of vulnerable web applications you can play with to learn and test your web hacking knowledge and pen-testing tools, handcuffs not included. In other words, you can enter and stay at the playground without going to jail.
Some of them you download and install on your own systems, some of them you run as virtual machines (VMs) or ISOs on your systems, and others are available on the web for your malfeasance pleasure.
If you decide to use it, here’s a couple points to keep in mind:
Free ACL tutorials are available on YouTube, along with a lot of videos with talking heads. The tutorials walk you through how to do a couple tests, but I found the video resolution to be rather poor. Maybe it’s my equipment, maybe it’s the result of a company trying to adapt some tutorials they already have to another delivery method.
ACL is offering FREE training as part of their bootcamp series, which started in September 2011. The training consists of a video presentation that includes ACL demos. The best part is that you do NOT have to be a current ACL customer or even have a copy of ACL.
The purpose of the series, according to ACL, is to teach basic skills and deal with common problems that ACL users encounter. Each session lasts about 30-40 minutes, followed by a Q&A session. The bootcamp is led by Shane Grimm (see his blog comment here).
If you want to learn about web hacking, Security Monkey* highlights 2 videos and 2 books on the subject. The videos are very basic and over an hour long, and are free for the viewing.
If you’re looking for FREE audit work plans, AuditNet.org is probably your best bet.
You can get a free account that allows you to access a limited number of work plans, usually basic ones. A premium account gives you access to all content . See their Subscription Plans for more info, and note that they call work plans ‘audit templates’.
If you have an ACL support agreement, you may be able to access AuditNet for FREE!
Last time I looked, over 100 work plans were free, and a total of 2600 were available.
The videos are listed below and can be viewed at www.logicalsecurity.com/resources/resources_videos.html.
So what’s the catch? Make sure you read this entire post before you leap!
In case you missed it, the Internet Storm Center had a great post the other day, asking readers:
Lenny Zeltser not only created some great security cheatsheets, he compiled a list of some good reference guides developed by others.
Why should you trust his FREE cheatsheets? Lenny leads a security consulting practice, teaches malware analysis, explores security topics at conferences and in articles, and volunteers as an incident handler at the Internet Storm Center.
So whether you want to learn more about specific security practices or just have a quick reference, you’ll want these cheatsheets.
Matasano Security has released an upgrade to Flint, a FREE web application that examines firewall configurations. “Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.”
According to Matasano, once you upload a firewall configuration, Flint:
Ready for another free Dummies ebook? Now you can register for and download a free copy of Data Backup Dummies.
According to i365 (formerly EVault), the ebook describes how to:
If you hurry (limited time offer), you can register for and download a free copy of Data Leakage for Dummies from Sophos.
I found a website where a group from the Business School of the University of Colorado Denver is offering free online training for ACL running Benford’s Law analysis on data.
This training was offerred for a limited time and has been discontinued. Free training does still exist (but not on Benford), so see my posts regarding Free ACL Bootcamp Training and ACL Tutorials on YouTube. Also check out the most popular post on this blog, Teach Yourself ACL.
You have to have a copy of ACL (for more info, see Teach Yourself ACL), but otherwise it’s free. The group is doing a study (learning techniques?) and are offering the training for a limited time (at least until the end of February 2010).
In Top 100 Network Security Tools and Easy Windows Scanner, I described a few Windows tools that every auditor or security analyst should know or know about. In this post, I highlight some of my other favorite Windows tools (both security and general utility software). ALL OF THEM ARE FREE.
12/26/14 Update: These are STILL my favorite programs. The only one I don’t use anymore is CutePDF Writer, which I replaced with the FREE Sumntra PDF
Foxit Reader (I no longer recommend FOXit). But if you only want a PDF printer, CutePDF is still a great solution.
I also added 2 new tools: PSPad and File Splitter (see my links at the bottom).
Mimosa Systems, the company that created a robust email archive solution for Exchange and Sharepoint, is offering a free ebook (for Dummies) on email archiving.
The ebook describes the retention requirements that companies are subject to. If your company sells to the federal government, you especially need to be aware of these requirements. I’d also recommend reading this ebook if you thinking of moving to Exchange.