A group of less experienced and newer auditors were selected to try out the new tool before it was rolled out department-wide.
Category Archives: Quote of the Weak
Let me share a recent experience with you….
A young IT auditor texted me at work and asked for some Active Directory user account data that I capture automatically every week, using some scheduled ACL scripts.
Over the years, I think that Skyyler and I have penned some pretty funny lines.
If you’re in the mood for some humor, read on and discover why these lines appeared in these posts.
Usually, we were making a serious point in a comical way.
While commenting on AuditMonkey’s blog, I noted that because companies often don’t do the right thing, auditing is a noble profession.
Mainly because we can right some of those wrongs.
Then I said…
According to the following article, the cloud is safer because the cloud data center is bigger than yours and has better fences. Oh, and passwords need to be hard to use so that others can’t use them.
I read a blog post that quoted a security professional saying, ‘culture is defined as the beliefs we accept without question.’ The blogger, also a security professional, went on to say that his goal is to generate a new security culture, a security culture that “everyone accepts and makes a natural part of their activities.”
That definitely got me going, so I left a comment that explained why I disagreed with that statement.
Here’s my take on the issues that I found with the following quote from SC Magazine (for more info, see Quote of the Weak (Securing Virtual Servers)):
We don’t treat the virtualization servers any different than the physical servers when it comes to security. We treat them the same. Security is security.
Here’s one last call for comments on Quote of the Weak (Securing Virtual Servers). Be the first one to dive in. Be the first on your block.
Since no one has commented, does that mean 1) no one knows much about virtual security, 2) no one cares much about virtual security, or what? I never bite anyone’s head off.
I’ll give the topic a little more air and then I’ll explain my reaction to the quote I found.
Read it and reply here.
Don’t forget the good blog reader’s rule:
I came. I saw. I commented.
Update 9/9/10 —
I shared my thoughts and concerns in Securing Virtual Servers.
Update 10/29/10 —
Oh, I get it–you left virtual comments. Real funny.
When I read the following in SC Magazine, my brain identified and attempted to process so many issues at once that I experienced multiple memory and neural page faults and felt physical pain:
I’ve been absent from the blog lately due to a number of pressing projects, one of which was rebuilding a friend’s Windows XP box after a trojan massacre (and I thought only auditors stabbed the wounded — you should have seen the legions on that box).
When I delivered the newly minted OS and applications, my friend informed me that another set of email spam was sent from her Hotmail account at 3:20 am that morning. She asked me whether I was working on the PC at the time. I told her that not only was her PC turned off at that time, it was unplugged.
Remember the quote about the “attacker’s perspective?” No one identified the issue in the original quote, but I described it in my update in the original post. Check it out.
A colleague of mine is doing some testing for an audit director who changes her mind frequently on how to deal with audit findings. Occasionally, she is all about nailing control owners who do not have all their ducks groomed and in a row. At other times, she pushes Audit to work as hard as possible to pass all controls.
A friend of mine heard this one and passed it on to me:
Auditors are those who get to the battlefield after the war is over and stab the wounded.
During the Olympics, an advertisement for a medication for treating major depressive disorder (MDD) caught my attention. It aired appropriately after I became depressed that Apolo Ohno was disqualified in the speed skating short track: