Some Chief Audit Executives (CAEs) and audit managers tend to think that audit automation is a set-it-and-forget-it process. NOT.
In this post, I want to expand on a problem I mentioned in an earlier post , 10 Signs Mgmt Doesn’t Really Support Analytics.
Audit management too often thinks that once a process or an audit is automated, ALL auditor/staff hours previously spent performing that process can be reassigned elsewhere.
That is not the case at all.
Continue reading →
Like this:
Like Loading...
Filed under ACL, Audit, Data Analytics, Scripting (ACL), Security, Technology, Written by Skyyler
Tagged as analytics, asset, Audit, automation, CAE, dog food, fail, hours, inventory, maintenance, monitor, review, scripts, system ID, Technology, time, troublehshoot, updates
A new IT auditor needs some help dealing with database patching issues and how far you need to dive into technology during an IT audit.
Take a moment to read his comment and add your thoughts. I’ve put in my 2 cents. Let’s get a good discussion going.
I think any auditor can chime in, as audit scope and audit limitations are not unique to IT audit.
Dinesh’s comment appears in What IT Auditors Ought to Know – and Don’t!
Like this:
Like Loading...
Filed under Audit, How to..., Security, Technology
Tagged as Audit, comment, database, DBA, dinesh, downtime, grass root, IT, patch, patch management, supervision, Technology
Here’s my list of the top 10 reasons to be an IT auditor:
10. You have access to all systems, data, and people (with a business reason, of course). Employees rarely ignore you.
9. You can uncover fraud, mischief, ignorance, and just plain laziness. Either way, you “add value to the business” (yeah, I hate that term too, but it is what audit is about, and so appropriate).
Continue reading →
Like this:
Like Loading...
Filed under Audit, Humor/Irony, Technology, Top 10
Tagged as access, add value, analytics, fraud, funding, it audit, pay, problem, salary, support, Technology, Top 10
SC Magazine had a good article back in November (I am a bit behind in my reading and my blogging) about industry pioneers in IT security. Listed below are quotes by a select few of the people the mag profiled. If you find their quotes interesting, or you are not familiar with them, I suggest you check out the article and perhaps do some extra reading about some of them.
I thought cryptography was a technique that did not require your trusting other people…” – Whitfield Diffie
Continue reading →
Like this:
Like Loading...
Filed under Security
Tagged as Bruce Schneier, data, encryption, Fyodor, Howard Schmidt, IT, marcus ranum, Paul Sarbanes, Peter Stephenson, Phil Zimmermann, pioneer, SC Magazine, Security, Technology, Whitfield Diffie
Part 1 of an article at AuditNet notes that audit teams need to increase their use of technology, specifically data analytics, to continue adding value to their companies. The author contends that data analytics can provide more assurance at a lower cost than the traditional cyclical approach to auditing (while I noticed the author, John Verver, is a VP of ACL Services and has a vested interest in this, I agree with him).
Continue reading →
Like this:
Like Loading...
Lenny Zeltser suggest 5 steps that mid-market organizations can take down the security path:
- Identify key data flows
- Understand user interactions
- Examine the network perimeter
- Assess the servers and workstations
- Look at the applications
Continue reading →
Like this:
Like Loading...
Filed under Security
Tagged as application, Audit, baby steps, check the box, checklist, classify, configuration, crash, customer information, data flow, database, famous recipe, hack, home computer, insider, internet facing, lenny zeltser, mitigation, outsider, patch, perimeter, plan, risk, Security, server, sox, Technology, time card, USB drive, users, vendor, workstation
Keir Thomas, author of several books on Ubuntu, including the Ubuntu Pocket Guide and Reference, declares that Firefox has lost its way. He says that the fox is slow and Slashdot users are complaining about it heavily.
Continue reading →
Like this:
Like Loading...
Filed under Security
Tagged as 15 must see sights in google earth, browser, browser security handbook, chad perrin, chrome, distro, Firefox, Gmail, google, keir thomas, maps, open source, phone home, pocket guide, privacy, rogue site, Security, security implications, slashdot, snoop, Technology, tom olzak, ubuntu, wars, wikipedia
Bruce Schneier’s Blowfish encryption algorithm was mangled again on the Fox show 24. According to Schneier’s Crypto-Gram blog, the show claims that Schneier put a backdoor in the algorithm. Based on reader comments on the Crypto-Gram blog, people will believe anything said on TV (or posted on the ‘net).
Continue reading →
Like this:
Like Loading...
Filed under Humor/Irony, Security
Tagged as 24, algorithm, backdoor, blowfish, crypto-gram, encryption, humor, irony, schneier, Security, Technology, twofish
Diann Daniel’s 15 pictures from Google Earth (GE) showcases the power of GE, and the images are indeed interesting. NOTE: Evidently these pics were removed – Mack
Seven images show the Firefox browser circle cut into a crop field (UFO style) and other large-scale animals and objects. The slide show includes commentary and the coordinates of each image. If you’re in a hurry, I recommend images 5 through 10.
Continue reading →
Like this:
Like Loading...
Filed under Humor/Irony, Security, Written by Skyyler
Tagged as 3D, API, Apollo landings, Apollo missions, cheese, EULAs, Facebook, Firefox, Gmail, Google Chrome, Google Earth, Google Moon, Google privacy, Google security, Google Updater, satellite imagery, security implications, Technology, UFO
New IT Auditor Needs Help!
A new IT auditor needs some help dealing with database patching issues and how far you need to dive into technology during an IT audit.
Take a moment to read his comment and add your thoughts. I’ve put in my 2 cents. Let’s get a good discussion going.
I think any auditor can chime in, as audit scope and audit limitations are not unique to IT audit.
Dinesh’s comment appears in What IT Auditors Ought to Know – and Don’t!
Share this:
Like this:
Leave a comment
Filed under Audit, How to..., Security, Technology
Tagged as Audit, comment, database, DBA, dinesh, downtime, grass root, IT, patch, patch management, supervision, Technology