New IT Auditors Should Start Here

If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.

These posts will:

1. Provide basic information regarding IT audit and security and links to other sources.
2. Help you avoid some of the hidden pitfalls that control owners and auditors face.
3. Give you ideas and approaches for some common and uncommon audits.
4. Give you a few chuckles.

If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.

Continue reading →

Application Hacking Playground

The Taddong Security Blog has a great list of vulnerable web applications you can play with to learn and test your web hacking knowledge and pen-testing tools, handcuffs not included. In other words, you can enter and stay at the playground without going to jail.

Some of them you download and install on your own systems, some of them you run as virtual machines (VMs) or ISOs on your systems, and others are available on the web for your malfeasance pleasure.

Continue reading →

Master List of ACL Articles and Tips

To make these posts easier to find (and link to), here’s a list of all the ACL posts on this blog in alphabetical order, and by most popular.
I’ll add other posts as they are written.

Continue reading →

Convert Report Headings into List

Occasionally you might need to convert the headings from an Microsoft Excel spreadsheet (which are horizontal) into a list (which is vertical) so you can email it to someone or include the list in documentation.

You don’t need to retype the list or even cut and paste each heading, cell by cell. My method takes a few steps, but I think it’s a lot faster and certainly more accurate. It also works with other applications than Excel. (You can also use the same method to copy a horizontal row of cell values into a vertical row (convert a row into a column), but more on that later.)

Update: Actually, I found a MUCH easier way to do it–convert rows into columns and vice versa. See these simple instructions at http://www.howtogeek.com/howto/12366/convert-a-row-to-a-column-in-excel-the-easy-way/ Continue reading →

Audit Tips for the New Year

Here’s a couple tips for making your IT audits a bit easier in the new year.

First, for those systems that don’t record the creation or deletion date of user accounts (or folders, permissions, or whatever), get a list of all accounts from IT in January. Then when you do the audit later in the year, get a new list and compare it with the January list. The new and deleted accounts will jump out at you.

Continue reading →

7 Cloud Computing Pet Peeves

Neil MacDonald’s 7 pet peeves about cloud computing is not your usual rant list. He makes some great points in very few words.

Read the article here and let me know what you think.

Leave a comment.

Risk: Look Both Ways

On my walk to work, I cross a lot of 1-way streets. I always look both ways. Sometimes, when a friend or colleague is walking with me, I get teased me about this. I always reply with this question: Have you ever driven down a 1-way street the wrong way? For some reason, I never get a reply and another subject surfaces.

When I crossed one of those streets the other day, I realized that some people look at audit/security/risk the same way. They only look one way because of the people or rules or controls or norms that govern the activity. They fail to think outside of the cubicle and look the other way–the path seldom traveled.

Continue reading →