I recently came across a control in a client’s processes that threw up a red flag and will definitely get a bit more attention from me during our audit. The control mentioned Clustering and Mirroring as part of their Backup and Recovery solution:
The most vulnerable asset in any company isn’t the network or the application – it is the people. People, being the imperfect beings we are, may forget passwords, forget to lock computers, or fall victim to social engineering hacks. Studies repeatedly show that adults willingly open malicious emails, give away personal information over the […]
This past December I took the ISACA CISA exam and I’m pleased to announce that last week, I got my confirmation letter stating that I passed in the top 10 percentile of fellow test takers!
With the test passed and the experience still very fresh on my mind, I felt I should take the opportunity to share my experience and any advice to […]
“I.T. Auditors don’t know anything about I.T.” – Anonymous Client
On the first day of almost every project I have ever been involved with I have had to overcome the perception that as an “Auditor” (I prefer Consultant because I’m usually there to do a lot more than just audit) I lack any understanding of technology. From a client’s […]
One of the most common questions I am asked by my less-than-tech-savvy friends and colleagues is “How do you keep your computer from getting viruses?”
In reality, there are a lot of things you can do to avoid getting computer viruses. Perhaps the most effective is educating yourself about how viruses are actually spread and changing your browsing habits. Then there is the plethora of […]
My previous posts on physical and environmental security controls covered a gamut of security measures to protect data and facilities. Then I ran across this video from Google’s data center and it looks like they have more than a few of those controls in place.
What is a Malicious File Execution Vulnerability?
A malicious file execution vulnerability (also called a File Inclusion Vulnerability) occurs when user input or uploads to a website are not properly handled, or when the website/web application validates data poorly.
Web applications that are poorly designed or coded may automatically run or parse input supplied by a user. If […]
Environmental Security audits are designed to ensure that data and information technology infrastructure are protected from environmental dangers that might cause harm to critical data or I.T. infrastructure. That […]