At a company I worked at recently, I ran across a Sharepoint site and wondered whether I could download data that I wasn’t supposed to see.
Now I understand the purpose of SharePoint and company intranets is to share data, but even then, some data should be restricted to a limited number of people.
So I decided to check (before doing things like this, you better know How to Stay Out of Jail).
If you’re looking for an IT Audit job, here’s how to use LinkedIn to get noticed.
In a nutshell, you need to enhance your LinkedIn profile so that everyone knows you’re working hard at learning IT auditor skills.
If you’re already working as an IT auditor, use these suggestions to get noticed more and move ahead (or into another company with more opportunities).
Have you been following the “Optimizing Script Performance” series on the ACL Blog? aclkevin has been offering some great tips.
In case you missed them:
PSPad is a great text editor and search tool, so by default, it’s a great audit tool, and it’s free. It can also handle a million lines of text–literally. Are you interested yet? It is also a great file diff/compare tool I’ve ever seen.
PSPad works with text files, such as those ending in TXT or CSV, or any text-based file (like an ini file). It works with DOC files too.
I’ll explain how to do the following with PSPad:
- Search a file (find all lines containing X)
- List all occurrences/matches of a search term
- Export a list of occurrences
- Compare 2 documents (diff)
- Download & install PSPad
I recently downloaded the contents of a Lotus Notes Domino database to Excel without any access to the database. If you’ll recall, I do audit consulting, and was performing an audit at a Fortune 100 company.
A while back when I worked in IT security, an internal attacker popped up on our radar…
I answered the phone and heard a tech from the anti-malware team say, “I think we have a problem, Mack. Got some time to come down and see what I found?”
Here’s a couple tips for making your IT audits a bit easier in the new year.
First, for those systems that don’t record the creation or deletion date of user accounts (or folders, permissions, or whatever), get a list of all accounts from IT in January. Then when you do the audit later in the year, get a new list and compare it with the January list. The new and deleted accounts will jump out at you.
I was visiting a friend at large, public company doing some benchmarking when we had to schedule several meetings with IT to gather data. My friend “Meako” starting entering attendees into his online calendar to see whether we could get some important meetings scheduled during the next week.