Last week I was meeting with one of our company’s Accounts Payable clerks, who told me she was not concerned about some upcoming General Ledger changes.
2 changes that were submitted by developers on her behalf.
2 changes she didn’t know anything about, so she didn’t consider them her problem.
This post is a Quote of the Weak post. For more info on these types of posts, see the Quote of the Weak topic under About.
Filed under Audit, Case Files, Quote of the Weak, Security, Security Scope
As an auditor, I am told all the time by the business that “we have a current project plan that is addressing that risk”, which implies that I shouldn’t waste everyone’s time writing up an audit issue regarding the problem.
It means that the risk isn’t as big as it appears.
Really?
Filed under Audit, Case Files, Humor/Irony, Quote of the Weak, Security
The other day I was in a meeting to discuss a new analytics project and discovered the team had no end goal.
When the discussion started with the software to be used, I knew they were already off track.
Filed under Audit, Case Files, Data Analytics, Humor/Irony, Quote of the Weak
We recently acquired a new data analysis tool in our department, which prompted some of our newbie auditors to share their misunderstanding of auditor judgment and basic data analysis.
A group of less experienced and newer auditors were selected to try out the new tool before it was rolled out department-wide.
 If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here. If you haven’t seen one of these posts before, it’s because I haven’t had one in a while…
Filed under Audit, Data Analytics, Humor/Irony, Quote of the Weak, Technology
If you are in IT, audit, or security (or any other job requiring data analysis), you should NOT be cleaning data manually.
Let me share a recent experience with you….
A young IT auditor texted me at work and asked for some Active Directory user account data that I capture automatically every week, using some scheduled ACL scripts.
If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here.
Filed under Audit, Case Files, Data Analytics, Excel, How to..., Quote of the Weak, Security, Technology
Over the years, I think that Skyyler and I have penned some pretty funny lines.
If you’re in the mood for some humor, read on and discover why these lines appeared in these posts.
Usually, we were making a serious point in a comical way.
Filed under Audit, Humor/Irony, Quote of the Weak, Security, Technology, Written by Skyyler
While commenting on AuditMonkey’s blog, I noted that because companies often don’t do the right thing, auditing is a noble profession.
Mainly because we can right some of those wrongs.
Then I said…
Filed under Audit, Humor/Irony, Quote of the Weak
According to the following article, the cloud is safer because the cloud data center is bigger than yours and has better fences. Oh, and passwords need to be hard to use so that others can’t use them.
Filed under Quote of the Weak, Security, Technology
I read a blog post that quoted a security professional saying, ‘culture is defined as the beliefs we accept without question.’ The blogger, also a security professional, went on to say that his goal is to generate a new security culture, a security culture that “everyone accepts and makes a natural part of their activities.”
That definitely got me going, so I left a comment that explained why I disagreed with that statement.
Filed under Quote of the Weak, Security
Here’s my take on the issues that I found with the following quote from SC Magazine (for more info, see Quote of the Weak (Securing Virtual Servers):
We don’t treat the virtualization servers any different than the physical servers when it comes to security. We treat them the same. Security is security.
Filed under Quote of the Weak, Security
Here’s one last call for comments on Quote of the Weak (Securing Virtual Servers). Be the first one to dive in. Be the first on your block.
Since no one has commented, does that mean 1) no one knows much about virtual security, 2) no one cares much about virtual security, or what? I never bite anyone’s head off.
I’ve give the topic a little more air and then I’ll explain my reaction to the quote I found.
Read it and reply here.
Don’t forget the good blog reader’s rule:
I came. I saw. I commented.
Update 9/9/10 —
I shared my thoughts and concerns in Securing Virtual Servers.
Update 10/29/10 —
Oh, I get it–you left virtual comments. Real funny.
Filed under Quote of the Weak, Security
When I read the following in SC Magazine, my brain identified and attempted to process so many issues at once that I experienced multiple memory and neural page faults and felt physical pain:
Filed under Quote of the Weak, Security
I’ve been absent from the blog lately due to a number of pressing projects, one which was rebuilding a friend’s Windows XP box after a trojan massacre (and I thought only auditors stabbed the wounded — you should have seen the legions on that box).
When I delivered the newly minted OS and applications, my friend informed me that another set of email spam was sent from her Hotmail account at 3:20 am that morning. She asked me whether I was working on the PC at the time. I told her that not only was her PC turned off at that time, it was unplugged.
Filed under Quote of the Weak, Security
I was at Menards getting ready for my new garden (see my other Menards adventure). As I was checking out, the cashier scanned a blueberry plant that was packaged in a large paper cup, with a small cluster of leaves poking out the top.
Filed under Quote of the Weak
Some people do not understand that both diamonds and the Internet are forever. I found this statement in a discussion on LinkedIn:
I am excited about 2 interviews next week even though I’m not fully qualified for either one.
Filed under Employment, Humor/Irony, Quote of the Weak, Security
Remember the quote about the “attacker’s perspective?” No one identified the issue in the original quote, but I described it in my update in the original post. Check it out.
Filed under Audit, Quote of the Weak
A colleague of mine is doing some testing for an audit director that changes her mind frequently on how to deal with audit findings. Occasionally, she is all about nailing control owners who do not have all their ducks groomed and in a row. At other times, she pushes Audit to work as hard as possible to pass all controls.
Filed under Audit, Humor/Irony, Quote of the Weak
A friend of mine heard this one and passed it on to me:
Auditors are those who get to the battlefield after the war is over and stab the wounded.
Filed under Humor/Irony, Quote of the Weak
I don’t like to pick bones with my fellow ISACAeans, but when I saw this in the Journal recently, I had to react. Can you pick out the problem?
Filed under Audit, Quote of the Weak
During the Olympics, an advertisement for a medication for treating major depressive disorder (MDD) caught my attention. It aired appropriately after I became depressed that Apollo Ohno was disqualified in the speed skating short track:
Filed under Audit, Humor/Irony, Quote of the Weak
While I realize many bloggers do “Quote of the Week,” it was Audit Monkey who gave me the idea. Here’s my very first quote:
Who uses special characters in passwords? Nobody does that.
Filed under Quote of the Weak, Security
ITauditSecurity 