About a month ago, I received a letter saying that I could save a lot of money on my 15-year mortgage. It gave my current rate, the rate I could get if I refinanced, and the amount of the new payment.
Tag Archives: failure
Now I understand the purpose of SharePoint and company intranets is to share data, but even then, some data should be restricted to a limited number of people.
So I decided to check (before doing things like this, you better know How to Stay Out of Jail).
In my last post, I described Why Internal Auditors Should Care about Robotic Process Automation.
That might seem like a strange question, but a few managers and a VP have asked me just that recently. Here’s how I’ve answered it.
AuditMonkey has written about the Royal Bank of Scotland’s change management troubles.
Occasionally, I am wrong.
In my previous post, I described a data center failure that I discovered as the newly hired security manager of a prominent company.
In this post, I describe my next adventure.
NOTE: Some of the details below were changed a bit to protect the guilty. I tweaked their noses enough. :)
When I arrived at this company, it had no security department. Few security processes. Little security.
And the company also made two interesting mistakes when it hired me.
My friend lives in an upscale, assisted living facility and recently had thousands of dollars withdrawn from her accounts via ATM.
When the sprinkler system caused an interruption of the Miami-Seattle NFL game on Sunday, November 25, no one called it a hack. Neither am I.
But if you heard about the event prior to reading this, did it cross your mind that it could have been a hack? What about other unusual events?
If not, and you’re an IT auditor or a security pro, you should at least consider such things, at least briefly. If not, you might want to check your professional skepticism sensor.
Minutes later, one of the security techs met me at Lynn’s cube with a box that we quickly filled with the contents of her desk: files, CDs, DVDs, notedpads, books, etc. The other help desk analysts in adjacent cubes looked at us with silent questions on their faces.
I noticed that one of them was a new employee that had attended my security presentation in employee orientation last week, so he knew who I was. That meant rumors would spread quickly. While I never enjoyed walkouts, they reminded the staff that security incidents have consequences.
Others on my team had already imaged the old computer and had started imaging the new one across the network as soon as my meeting with Lynn began (by design, she was not told of the meeting beforehand). Both images would be sent off to the Forensics team.
I wonder sometimes how many controls fail due to personal issues instead of design and performance issues. In other words, do controls fail more because of communication, turf, and personal issues or is it that the control is poorly designed or not performed?