Why a Wastebasket Audit?

Most auditors and security analysts have never performed a wastebasket audit. Why do a trashcan audit?

Continue reading →

What Needs to be on a GOOJ Card?

If you probe networks, systems, and applications, you need a GOOJ card to protect yourself and your job.

In How to Stay Out of Jail, I recommended that anyone who scans, probes, or pokes networks, systems, or devices should always carry a get-out-of-jail (GOOJ) card. I also provided some reasons why such a card is critical.

Continue reading →

How to Stay Out of Jail

If you work in information security or IT audit (and I don’t mean IT SOX audit), I’d advise you to carry a “get-out-of-jail” (GOOJ) card at all times. In short, get permission before you do your dirty work.

Continue reading →

Security Awareness Perfect 7

Audry Agle, a former CISO, offers 7 practical ideas for increasing security awareness below. I’ve summarized some of the points and added comments of my own in italics:

1. Appeal to personal lives – Helping people deal with security issues at home tells them you care about THEM, not just company systems and data.

Continue reading →

Another One’s Treasure

Is it really true that one person’s trash is another person’s cash or treasure? It depends. When was the last time a trash can near you contained anything like this?

Continue reading →