Steal from Agile to Increase Audit Analytics

To increase the amount and depth of the analytics performed, steal some agile methods, and apply them to your audits.

If you’re not familiar with agile methods, check out the first 5 topics listed here (just click Next at the bottom of each page; the topics are quick to the point and full of pictures).

Briefly, agile projects are performed in cycles, or iterations, rather than in a long, linear-waterfall fashion, which is: do all planning, then field work, then reporting. Each iteration of the project creates some value and includes feedback, which is used in the next iteration to increase the value of the project.

Continue reading →

Advertisement

Behind Locked Doors: Conclusion

Most of the team deployed to the 2 departments and started emptying wastebaskets in the ‘wastebasket audit‘ exercise, collecting all the trash in large carts on wheels.

Two others were posted as look-outs in the main hallways outside the target department.

I carried my black bag of tools and approached THE door.

I pulled out my favorite flat-head screwdriver. Originally, I was going to remove the closing arm at the top of the door and then pry the hinge pins out of the hinges.

This is the fifth and final post in a series. See the previous post, Behind Locked Doors: Part 4. Start with Behind Locked Doors: Part 1.

Continue reading →

Behind Locked Doors: Part 4

I had to get that database fast.

After a long security team meeting, garnished with lots of pepperoni and green olive pizza, we divided the staff into 2 teams.  Team A started scanning and probing the target department’s servers in search of vulnerabilities that would provide us with admin access over the network.

Team B started planning a physical intrusion in case Team A failed.

After a couple hours, I was notified that the vulnerability team came up short. None of the identified vulnerabilities could be used to escalate our permissions.

A member of the physical intrusion team called maintenance and requested help from a specific maintenance guy: Zeke. The security team member said that we “needed Zeke’s help locating an electrical breaker panel” in a certain department.

This is the fourth post in a series. See Behind Locked Doors: Part 3. The next post will be the conclusion.

Continue reading →

Behind Locked Doors: Part 3

A couple days after I provided Leeda with access to the suspect’s email, her number flashed on my phone again.

I picked up the phone and said, “Hi, Leeda. Find anything interesting in that guy’s email?” I  knew she wouldn’t tell me much, but I pried anyway. It was second nature.

I could hear the Internal Audit manager’s smile when she said,”Nice try, Mack. You know that street only goes one way, and you’re headed in the wrong direction.”

This is the third post in a series. See Behind Locked Doors: Part 2.

Continue reading →

Easiest Way to Steal Confidential Data

A lot of company data is lying around unprotected, making it very easy to steal. No, I’m not talking about picking up other people’s documents at the printer. Stealing printouts isn’t hard, but it can be risky, especially if the printer is a busy one. Besides, it has 2 other problems:

• Your chances of picking up confidential data are low at any given time.
• The person will look for the printout and wonder what happened to it.

There’s a much better way that is fast, easy, simple, raises no suspicion, and is basically impossible to detect, if you do it correctly. Can you think of what it is?

Continue reading →