Tag Archives: wastebasket

Some of my Favorites

Since some of you are newer to the blog, I thought I’d bring a couple of my favorite posts to your attention.

Continue reading

Advertisements

Leave a comment

Filed under ACL, Audit, How to..., Security, Technology, Top 10

Behind Locked Doors: Conclusion

office doorMost of the team deployed to the 2 departments and started emptying wastebaskets in the ‘wastebasket audit‘ exercise, collecting all the trash in large carts on wheels.

Two others were posted as look-outs in the main hallways outside the target department.

I carried my black bag of tools and approached THE door.

I pulled out my favorite flat-head screwdriver. Originally, I was going to remove the closing arm at the top of the door and then pry the hinge pins out of the hinges.

This is the fifth and final post in a series. See the previous post, Behind Locked Doors: Part 4. Start with Behind Locked Doors: Part 1.

Continue reading

4 Comments

Filed under Audit, Case Files, fraud, Security, Technology

Behind Locked Doors: Part 4

office doorI had to get that database fast.

After a long security team meeting, garnished with lots of pepperoni and green olive pizza, we divided the staff into 2 teams.  Team A started scanning and probing the target department’s servers in search of vulnerabilities that would provide us with admin access over the network.

Team B started planning a physical intrusion in case Team A failed.

After a couple hours, I was notified that the vulnerability team came up short. None of the identified vulnerabilities could be used to escalate our permissions.

A member of the physical intrusion team called maintenance and requested help from a specific maintenance guy: Zeke. The security team member said that we “needed Zeke’s help locating an electrical breaker panel” in a certain department.

This is the fourth post in a series. See Behind Locked Doors: Part 3. The next post will be the conclusion.

Continue reading

Leave a comment

Filed under Audit, Case Files, fraud, Security, Technology

What Everybody Ought to Know About Auditor Secrets

Auditors use the following secrets and tricks to ensure that control owners can’t run and hide. If you do audits of any type and don’t use these tricks, you might want to consider adding them to your toolbox. If you are the one getting audited, beware!

Here’s some of my favorite sneaky tricks:

Continue reading

5 Comments

Filed under Audit, How to..., Security

Wastebasket Audit Findings

Over the years, I’ve performed many wastebasket audits (see my previous post, Why a WasteBasket Audit? for more details). One reader said this was a waste of time, but you be the judge. Here are some of my findings:

Continue reading

Leave a comment

Filed under Audit, Security