I ran across Tom Olzak’s post where he quotes from an SANS article by Daniel Wesemann, Password rules: Change them every 25 years. I disagree with both of them on a few points.
First, Olzak notes in his introductory paragraph that
Tag Archives: social engineering
What Needs to be on a GOOJ Card?
If you probe networks, systems, and applications, you need a GOOJ card to protect yourself and your job.
In How to Stay Out of Jail, I recommended that anyone who scans, probes, or pokes networks, systems, or devices should always carry a get-out-of-jail (GOOJ) card. I also provided some reasons why such a card is critical.
Filed under Audit, How to..., Security, Technology
If Called, Don’t Answer
No, I’m not suggesting that you don’t answer your phone. Just be careful what you do or say when you are called or contacted.
What am I talking about? A principle I refer to as the CONTACT principle, which will keep your private information private:
Filed under Security, Security Scope
Fun CPEs for CISSPs
Don Donzal, who created www.ethicalhacker.net and ChicagoCon (link now appears defunct), lists 10 ways for CISSPs to earn CPEs (Continuing Professional Education credits) and having fun doing it. Check out his entire article here. He wrote it in 2005, but it hasn’t aged much.
NOTE: I crossed through some of the links to now-defunct sites….remember, this was written in 2009….
ITauditSecurity 