Most auditors and security analysts have never performed a wastebasket audit. Why do a trashcan audit?
Filed under Audit, How to..., Security
Tagged as audit charter, audit monkey, copy room, dumpster diving, fraud, GOOJ, print room, privacy issue, recycle bin, Security, trashcan, visitor, waste of time, wastebasket audit
If you probe networks, systems, and applications, you need a GOOJ card to protect yourself and your job.
In How to Stay Out of Jail, I recommended that anyone who scans, probes, or pokes networks, systems, or devices should always carry a get-out-of-jail (GOOJ) card. I also provided some reasons why such a card is critical.
Filed under Audit, How to..., Security, Technology
Tagged as administrative access, application, audit committee, configuration, cracking, dumpster diving, encryption, exploits, forced entry, GOOJ, impersonation, investigations, logging, monitoring, network, probe, scanner, Security, sniffer, social engineering, system, tools, vulnerabilities, weaknesses
If you work in information security or IT audit (and I don’t mean IT SOX audit), I’d advise you to carry a “get-out-of-jail” (GOOJ) card at all times. In short, get permission before you do your dirty work.
Filed under Audit, Security
Tagged as assessment, dumpster diving, get-out-of-jail, GOOJ, hacking, pentesting, scanning, security configuration, sql injection, stay out of jail, tools, vulnerability
Audry Agle, a former CISO, offers 7 practical ideas for increasing security awareness below. I’ve summarized some of the points and added comments of my own in italics:
1. Appeal to personal lives – Helping people deal with security issues at home tells them you care about THEM, not just company systems and data.
Filed under Security
Tagged as audry agle, celebrate security, clean desk, dumpster diving, intranet, marcus ranum, most popular security questions, newsletter, orientation program, personal security, Security, security awareness, stupid questions, tone at the top, training, wall of shame
Is it really true that one person’s trash is another person’s cash or treasure? It depends. When was the last time a trash can near you contained anything like this?
Filed under Security, Security Scope, Written by Skyyler
Tagged as cash, circular file, confidential, dumpster diving, fun, laid off, layoff, post-it notes, Security, Security Scope, sensitive, shredder, social security, SSN, trash can, treasure, vulnerability, waste basket