A lot of company data is lying around unprotected, making it very easy to steal. No, I’m not talking about picking up other people’s documents at the printer. Stealing printouts isn’t hard, but it can be risky, especially if the printer is a busy one. Besides, it has 2 other problems:
- Your chances of picking up confidential data are low at any given time.
- The person will look for the printout and wonder what happened to it.
There’s a much better way that is fast, easy, simple, raises no suspicion, and is basically impossible to detect, if you do it correctly. Can you think of what it is?
I recently found a Sarbanes-Oxley (SOX) Space Lazer (sic) on a network security diagram. No kidding. The following items also appeared:
- Interstate 495
- Wang 5000
- Peanut butter
- Printer of evil
- Gene Hackman
- Automated Retirement Party Flyer Generation Appliance
Here’s my list of IT/security basics that I think IT auditors ought to know. If you can’t understand and audit these items, you do not know enough about technology to avoid having the wool pulled over your irises (not matter how good an auditor you are). The list is in no particular order.
If you’re a CISA or CISSP and you don’t know the following, I think you have some work to do.