Tag Archives: test

How to Review Your ACL Log

Review ACL logWhether you script your projects or use menu commands, you need to review your ACL log carefully.

Good analysts review their results and the log as they work in ACL, after they think they are done, and have others review their log before the ACL project is relied upon.

(You can’t imagine the dumb mistakes my team and I found that saved us a lot of embarrassment later.)

Continue reading

Advertisements

2 Comments

Filed under ACL, Data Analytics, How to..., Scripting (ACL), Written by Skyyler

Free CISSP Review Material, Practice Exams

I just found some more FREE CISSP review material and practice exams. One exam is 100 questions, the other 250.

Continue reading

6 Comments

Filed under Certification, Free, Free Download, Security

ACL Tip: Beware of ORs and ANDs

AND ORWhenever you use OR and AND operators in ACL (or other software, for that matter), be careful to ensure that you receive the results that you are looking for.

Assume you have Table1, which contains 100 loan transactions. 10 of those transactions have a loan rate of 5% and 10 transactions have a rate of 6%. The remaining transactions have rates above 10%.

Continue reading

Leave a comment

Filed under ACL, Audit, Data Analytics, How to..., Scripting (ACL), Written by Skyyler

Plan to Test the Test Plan

Always test the test plan and make sure it actually tests the control or risk being assessed. And make sure the tester (especially when you are observing the tester rather than performing the test yourself) actually follows the test plan.

During a segregation of duties (SOD) test for an expense report approval system, an auditor was observing a client perform a test.  The client was supposed to enter his user ID into the Approver field to demonstrate that he could not approve his own expense report.

Continue reading

2 Comments

Filed under Audit

Risk: Look Both Ways

On my walk to work, I cross a lot of 1-way streets. I always look both ways. Sometimes, when a friend or colleague is walking with me, I get teased me about this. I always reply with this question: Have you ever driven down a 1-way street the wrong way? For some reason, I never get a reply and another subject surfaces.

When I crossed one of those streets the other day, I realized that some people look at audit/security/risk the same way. They only look one way because of the people or rules or controls or norms that govern the activity. They fail to think outside of the cubicle and look the other way–the path seldom traveled.

Continue reading

1 Comment

Filed under Audit

How to Pass Certification Exams

Getting ready to take the CISA, CISM, CISSP, CIA, PMP, MCSE, or other certification exams? Here’s what you need to do to pass those tests:

Continue reading

12 Comments

Filed under Audit, Certification, How to..., Security, Technology