Here’s a look back at the most popular blog posts of 2021 according to the number of times readers opened those posts. It’s been a long time since I’ve done a best blogs post…
Some of these posts are oldies, and yet they are still pulling in plenty of traffic. Check out the list, and see if you missed any of them, especially new readers.
Filed under ACL, Audit, Blogging, Certification, Data Analytics, Employment, Excel, Free, Free Download, How to..., Security, Technology
Quiz yourself to discover how much you know about fraud investigations.
While you may not be tasked with leading an investigation, you might need to work with those working on such an investigation. Either way, do you know the basics?
This quick, 5-question quiz from the Journal of Accountancy will indicate what you know AND what you don’t. And whether you get each answer right or wrong, the answers provide additional information. Continue reading
If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.
These posts will:
If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.
Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology
If you’re looking for a way to safely check URLs for bad content, Lenny Zeltser had a great list of free online tools for you.
Filed under Free, How to..., Security, Technology
If you’re looking for FREE practice questions for the CISA exam, I found a good resource.
The site provides over 900 questions for you to test yourself.
Filed under Audit
Several of my friends passed the CISSP exam recently, and told me that it isn’t as technical as I told them it would be.
They said it was more of a security manager certification.
Filed under Certification, Security
ISC2, the organization that awards the CISSP certification, provides 1 FREE webcast about the 10 CISSP security domains, as well as several FREE webcasts about the CISSP concentrations.
Filed under Certification, Security
I just found some more FREE CISSP review material and practice exams. One exam is 100 questions, the other 250.
Filed under Certification, Free, Free Download, Security
In case you missed it, ACL released the next version of their Acerno product, renamed it ACL Excel Add-in, and made it FREE! 2021 UPDATE – it doesn’t look like it’s free any more; requires ACL subscription.
UPDATE – I’m guessing that since this product never caught on, they only give it away to subscribers – go figure.
So I thought I’d update my review.
For my original review of Acerno, see A Review of ACL Acerno. It still seems that I’m the only one who ever took the time to review the product (versus marketing blurbs, which are all over the ‘net), which appears to be a statement regarding its popularity.
Despite the poor popularity, since they updated it AND made it free, I decided to dive in for another look.
Note: This add-in is not just for auditors! Any one who regularly reviews data should consider using this simple, EASY-to-use software.
Please take the new & improved poll at the bottom of this post (also free).
Filed under ACL, Audit, Data Analytics, Excel, Free, Free Download
Frank Abagnale, the real-life con artist depicted in the Catch Me if You Can movie, talks about his life as a fraudster in a free video.
Back in the 1960s, Abagnale posed as an Pan Am airline pilot, a pediatrician, an FBI agent, and a lawyer. He was a master at conning people and passing bad checks. He even conned his dad (see ‘First Con’ heading).
If you’re planning to take the CISA exam, you need to take ISACA‘s own CISA Self-Assessment exam (get it here).
The exam consists of 50 questions that allow exam candidates to “assess their knowledge of the CISA job practice areas and determine in which information security areas they may have strengths and weaknesses.”
Filed under Audit, Certification, Free, Security
Creating scripts (and editing them) is not as hard as many of you believe them to be.
Sure, it takes practice and time to learn the basics, but YOU can do it.
If you don’t learn scripting, you are NOT using ACL to it’s fullest, nor are you making the best use of your time.
Filed under ACL, Data Analytics, Free, Free Download, Scripting (ACL), Written by Skyyler
Filed under Audit, Free, Free Download, Security
ISACA has a free glossary of IT, audit, and security terms that is not only helpful in studying for the CISA exam, but is a good reference guide for new and experienced auditors.
Filed under Audit, Free, Security, Technology
PSPad is a great text editor and search tool, so by default, it’s a great audit tool, and it’s free. It can also handle a million lines of text–literally. Are you interested yet? It is also a great file diff/compare tool I’ve ever seen.
PSPad works with text files, such as those ending in TXT or CSV, or any text-based file (like an ini file). It works with DOC files too.
I’ll explain how to do the following with PSPad:
The Taddong Security Blog has a great list of vulnerable web applications you can play with to learn and test your web hacking knowledge and pen-testing tools, handcuffs not included. In other words, you can enter and stay at the playground without going to jail.
Some of them you download and install on your own systems, some of them you run as virtual machines (VMs) or ISOs on your systems, and others are available on the web for your malfeasance pleasure.
We all know that LinkedIn was hacked and lost at least 6.5 million hashed passwords, or at least that’s how many were was posted. Besides changing passwords, is anyone thinking about their LinkedIn lock-down/security settings? What about other social media? See further below instructions for locking down LinkedIn, Facebook, Twitter, and Google+.
When I was studying for the CISA, I created a 40-page study guide for myself that you can download for free.
If you decide to use it, here’s a couple points to keep in mind:
Filed under Audit, Certification, Free, Technology
Free ACL tutorials are available on YouTube, along with a lot of videos with talking heads. The tutorials walk you through how to do a couple tests, but I found the video resolution to be rather poor. Maybe it’s my equipment, maybe it’s the result of a company trying to adapt some tutorials they already have to another delivery method.
Filed under ACL, Data Analytics, Free, How to...
ACL is offering FREE training as part of their bootcamp series, which started in September 2011. The training consists of a video presentation that includes ACL demos. The best part is that you do NOT have to be a current ACL customer or even have a copy of ACL.
The purpose of the series, according to ACL, is to teach basic skills and deal with common problems that ACL users encounter. Each session lasts about 30-40 minutes, followed by a Q&A session. The bootcamp is led by Shane Grimm (see his blog comment here).
Filed under ACL, Audit, Data Analytics, Free
If you want to learn about web hacking, Security Monkey* highlights 2 videos and 2 books on the subject. The videos are very basic and over an hour long, and are free for the viewing.
The videos were presented by Dan Guido at Polytechnic Institute of New York University, a private technology university in Brooklyn, New York.
Filed under Free, Security, Technology
If you’re looking for FREE audit work plans, AuditNet.org is probably your best bet.
You can get a free account that allows you to access a limited number of work plans, usually basic ones. A premium account gives you access to all content . See their Subscription Plans for more info, and note that they call work plans ‘audit templates’.
If you have an ACL support agreement, you may be able to access AuditNet for FREE!
Last time I looked, over 100 work plans were free, and a total of 2600 were available.
Shon Harris is offering FREE Certified Ethical Hacking (CEH) videos for online viewing. According to Harris, all the videos together are over 25 hours long.
The videos are listed below and can be viewed at www.logicalsecurity.com/resources/resources_videos.html.
So what’s the catch? Make sure you read this entire post before you leap!
In case you missed it, the Internet Storm Center had a great post the other day, asking readers:
Here’s another one. Register and download from Qualys here.
Other free Dummies books.
Getting ready to take the CISA, CISM, CISSP, CIA, PMP, MCSE, or other certification exams? Here’s what you need to do to pass those tests:
Filed under Audit, Certification, How to..., Security, Technology
Matasano Security has released an upgrade to Flint, a FREE web application that examines firewall configurations. “Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.”
According to Matasano, once you upload a firewall configuration, Flint:
Ready for another free Dummies ebook? Now you can register for and download a free copy of Data Backup Dummies.
According to i365 (formerly EVault), the ebook describes how to:
If you hurry (limited time offer), you can register for and download a free copy of Data Leakage for Dummies from Sophos.
What does it take to get started in information security? Can you teach yourself security?
This field requires you to understand how PCs, mobile devices, applications, servers, protocols, and networks operate. It helps to have a lot of curiosity and a good sense of where trouble lurks. And don’t forget Unix/Linux (more on that later).
I started as a PC support guy, became a server administrator, managed a network, and then became a security analyst. For me, it was a natural progression, but that’s the “old school” way of doing it. Security training was scarce, and there were few to no institutions offering training specific to that area. Also, the internet was still growing, and there were few security websites or blogs to learn from.
In Top 100 Network Security Tools and Easy Windows Scanner, I described a few Windows tools that every auditor or security analyst should know or know about. In this post, I highlight some of my other favorite Windows tools (both security and general utility software). ALL OF THEM ARE FREE.
12/26/14 Update: These are STILL my favorite programs. The only one I don’t use anymore is CutePDF Writer, which I replaced with the FREE Sumntra PDF
Foxit Reader (I no longer recommend FOXit). But if you only want a PDF printer, CutePDF is still a great solution.I also added 2 new tools: PSPad and File Splitter (see my links at the bottom).
Filed under Audit, Free, How to..., Security, Technology
Mimosa Systems, the company that created a robust email archive solution for Exchange and Sharepoint, is offering a free ebook (for Dummies) on email archiving.
The ebook describes the retention requirements that companies are subject to. If your company sells to the federal government, you especially need to be aware of these requirements. I’d also recommend reading this ebook if you thinking of moving to Exchange.
You can teach yourself how to use Audit Command Language (ACL), the data analytics software from www.highbond.com. ACL is used by internal auditors and others to:
Filed under ACL, Audit, Data Analytics, Free, Free Download, How to..., Scripting (ACL), Technology, Written by Skyyler
Don Donzal, who created www.ethicalhacker.net and ChicagoCon (link now appears defunct), lists 10 ways for CISSPs to earn CPEs (Continuing Professional Education credits) and having fun doing it. Check out his entire article here. He wrote it in 2005, but it hasn’t aged much.
NOTE: I crossed through some of the links to now-defunct sites….remember, this was written in 2009….
ITauditSecurity 