Tag Archives: encryption

Don’t Use GRC app to do Workpapers!

I consulted with a company that implemented a new GRC package, and unfortunately they are using an application designed for GRC to do audit workpapers.

That wasn’t the only move that was questionable…


Filed under Audit, Security, Security Scout, Technology

Twitter Hacked Again, Change Password

Twitter said that it was hacked again on Friday, 2/1/13, and attackers gained access to 250,000 accounts and passwords.

Twitter says the passwords were encrypted, the intrusion was limited, and everyone’s taxes are going down soon (okay, I was kidding about the last one). It’s always hard to sort out what is true and how much of the truth is told, so regardless of what Twitter says, change your password.


Filed under Security

Teach Yourself Security

What does it take to get started in information security? Can you teach yourself security?

This field requires you to understand how PCs, mobile devices, applications, servers, protocols, and networks operate. It helps to have a lot of curiosity and a good sense of where trouble lurks. And don’t forget Unix/Linux (more on that later).

I started as a PC support guy, became a server administrator, managed a network, and then became a security analyst. For me, it was a natural progression, but that’s the “old school” way of doing it. Security training was scarce, and there were few to no institutions offering training specific to that area. Also, the internet was still growing, and there were few security websites or blogs to learn from.


Filed under How to..., Security

My Favorite Windows Software

In Top 100 Network Security Tools and Easy Windows Scanner, I described a few Windows tools that every auditor or security analyst should know or know about. In this post, I highlight some of my other favorite Windows tools (both security and general utility software). ALL OF THEM ARE FREE.

12/26/14 Update: These are STILL my favorite programs. The only one I don’t use anymore is CutePDF Writer, which I replaced with the FREE Sumatra PDF Foxit Reader (I no longer recommend FOXit). But if you only want a PDF printer, CutePDF is still a great solution.

I also added 2 new tools: PSPad and File Splitter (see my links at the bottom).


Filed under Audit, Free, How to..., Security, Technology

How to do an Easy Server Share Audit

Okay, so you’re not up to a wastebasket audit? Too demeaning, too sneaky, too many sticky candy wrappers? How about a simple server share audit?

Many companies have shared drives, and then they have “over-shared” drives, those locations where anyone who needs a space can store files that they share with a couple of departments. Or perhaps your company just doesn’t lock down its shares according to the least privilege principle.


Filed under Audit, How to...

IT Security Pioneers

SC Magazine had a good article back in November (I am a bit behind in my reading and my blogging) about industry pioneers in IT security. Listed below are quotes by a select few of the people the mag profiled. If you find their quotes interesting, or you are not familiar with them, I suggest you check out the article and perhaps do some extra reading about some of them.

“I thought cryptography was a technique that did not require your trusting other people…” – Whitfield Diffie


Filed under Security

What Needs to be on a GOOJ Card?

If you probe networks, systems, and applications, you need a GOOJ card to protect yourself and your job.

In How to Stay Out of Jail, I recommended that anyone who scans, probes, or pokes networks, systems, or devices should always carry a get-out-of-jail (GOOJ) card. I also provided some reasons why such a card is critical.


Filed under Audit, How to..., Security, Technology

Blowfish Bruce-Forced

Bruce Schneier’s Blowfish encryption algorithm was mangled again on the Fox show 24. According to Schneier’s Crypto-Gram blog, the show claims that Schneier put a backdoor in the algorithm. Based on reader comments on the Crypto-Gram blog, people will believe anything said on TV (or posted on the ‘net).


Filed under Humor/Irony, Security