Here’s my list of IT/security basics that I think IT auditors ought to know. If you can’t understand and audit these items, you do not know enough about technology to avoid having the wool pulled over your irises (no matter how good an auditor you are). The list is in no particular order.
If you’re a CISA or CISSP and you don’t know the following, I think you have some work to do.
While I realize many bloggers do “Quote of the Week,” it was Audit Monkey who gave me the idea. Here’s my very first quote:
Who uses special characters in passwords? Nobody does that.
The lead security study group (group 17) from the International Telecommunication Union provides a paper containing general suggestions for writing secure applications. In the paper, each item is hyperlinked to additional information.