New IT Auditors Should Start Here

If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.

These posts will:

1. Provide basic information regarding IT audit and security and links to other sources.
2. Help you avoid some of the hidden pitfalls that control owners and auditors face.
3. Give you ideas and approaches for some common and uncommon audits.
4. Give you a few chuckles.

If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.

Continue reading →

The Simplest, Cheapest, and Most Effective Disaster Recovery Plan Ever

About a decade ago, I personally witnessed the handover of the simplest, cheapest, and most effective disaster recover plan ever.

Let me first give you a little background….

I worked for a great IT director, who moved to another company, much bigger, and brought me with him.

In the new company, he again was responsible for all IT, and he brought me along to manage security and disaster recovery.

If I named this company, at least 25% of you would recognize it, even those of you around the world–true story, too.

Continue reading →

Mack Falls Prey to Phishing Email

It finally happened: I fell prey to a phishing email.

I actually clicked a link.

At work, no less. Not good.

Continue reading →

Dilbert Does Big Data

If you like Dilbert cartoons or big data, you might enjoy Dilbert’s adventures in data analysis, data mining, data privacy, security, and dealing with a dumb manager.

Continue reading →

How to Describe What an IT Auditor Does?

If you’re an IT auditor, how do you describe your job to those who don’t understand technology or auditing? Even more interesting, how do others describe your activities?

Here’s what I say, but I’m not satisfied with it:

I review computer systems and networks to determine whether they are secure and that access to those systems is limited to the appropriate people.

I review the policies and procedures that describe how those systems are used and determine whether those documents make sense, are up-t0-date, and are followed.

Continue reading →

Quotes of the Weak (NOT)

Over the years, I think that Skyyler and I have penned some pretty funny lines.

If you’re in the mood for some humor, read on and discover why these lines appeared in these posts.

Usually, we were making a serious point in a comical way.

Continue reading →

SONY stored Passwords in Password Directory

And in unprotected documents.

Lots of passwords. Lots of documents. Lots of easy access.

Continue reading →