I just saw an interesting video that I wanted to share with you. It’s about a phone scammer who called a principal security agent at Sourcefire. Enjoy the show.

A guideline is typically a collection of system-specific or procedure-specific “suggestions” for best practices. They are not mandatory but are there to provide help with the specific topic of interest. For example, a guideline on how to install Windows XP: each installation can be different, but the best way to install Windows XP [...]

HIPAA stands for Health Insurance Portability and Accountability Act.
Summary of the HIPAA Privacy Rule
Summary of the HIPAA Security Rule

Generator Audit Matrix.
Risk Description: Generators will not start when they are called upon to perform their duty.
Key Control: Stationary generators are started at least once a month to ensure that the generator will function correctly. (The generator should be started at least once a month and it should be left [...]
Test Results: [...]

Sample Database Audit Matrix Part 1.
Risk Description: The database server is not adequately protected against physical and logical threats.
Key Controls in Place: The current version of the database and the operating system is still supported by the vendor.
Testing Results: Verify and obtain evidence that the current version of the database is still supported [...]

It still amazes me to see how many companies do not have a document retention policy. Here are a few links that can help in Canada and the US.
http://www.cra-arc.gc.ca/tx/bsnss/tpcs/kprc/menu-eng.html
http://www.sans.org/reading_room/whitepapers/backup/electronic-data-retention-policy_514

It is basically a proposed law that would allow the US government access to Internet traffic information shared between the U.S. government and certain technology and manufacturing companies. Will Canada now have to adopt similar measures?

DLP (Data Loss Prevention or Data Leak Prevention) is a process designed to protect against potential data breach incidents. Protection or prevention usually takes place at three different stages:
Data in use (endpoint actions)
Data in motion (network traffic)
Data at rest (data storage)
ITAudit.ca is in the process of putting together an audit [...]

Here are some risk considerations for an IT audit of a mobile phone program:
Insufficient knowledge of rules and regulations over the usage of mobile phones
Inappropriate handling of passwords
Carelessness in handling information
Availability of the mobile network
Failure of the mobile phone
Manipulation of information or software
Theft
Hoax
Mobile phone card fraud
Bugging of [...]

From ISACA and others… Val IT is a governance framework that can be used to create business value from IT investments. It consists of guiding principles, processes and best practices that are further defined as a set of key management practices. The three major domains are:
Value Governance (VG)
Portfolio Management (PM)
Investment Management (IM) [...]