Accent Zip Password Recovery – A Career-Saver

The fine folks over at passwordrecoverytools.com sent a request for an evaluation about four months ago, and as I was ensconced in a plethora of security work and programming, I never had a chance to test the tool for a good writeup. That was, until I decided to go on vacation last week and a client sent a password-protected zip file without forwarding the password! That same client has decided that since I am on vacation, my emails are not worth responding to! Hmmm…. Hahhhh! (small bellows of smoke roll out from the ears) Well, the password was recovered …

WorkPapers Release Around The Corner

After much anticipation from the WorkPapers user community, I am proud to announce that invitations for WorkPapers trials and testing will go out throughout the following week. After watching some fireworks tonight (from Honolulu, Hawaii), I will set up the first pre-production release that will be set up as invitationware. Those who actively participate in this phase over the next couple weeks will receive a free one year subscription to the service. Please notice the ‘actively participate’ qualifier. That means posting to the user forum with bugs since there will still be a few, suggesting improvements, commenting on your own work application …

Whew!! Coming Up For Air

Hi All. Crawled out of the dark coding dungeon for some fresh air over the next couple days. Then back into web site touch-ups, alotta Photoshop, and some rounding out the rough edges, then deployment. Last night uploaded a milestone version of the web version of WorkPapers to the repository. This version pretty much does all of the base functions – tying together workstep and results editors to the tree view, attachments, project tracking, and the first step of Google Apps integration. Okay, okay, I know you all have no idea on what I am describing… thinking out loud. But when …

New WorkPapers Release Coming

Hi All! It’s been a while, but since then have been hard at work programming on a couple of projects with a couple of languages. Over the past couple weeks, since mentioning WorkPapers in a blog posting, several users have replied via email calling, requesting, and some demanding a new release. Well, it’ll be out in a few weeks. This next release will enhance the previous version’s synchronize, file exchange, and export – with a few long-awaited reporting upgrades. A subsequent release will include WorkPapers Web Edition with client software synchronization and/or pure filthy rich online experience. This mix of …

WorkPapers Software, Java, Google Web Toolkit, and DCMA

Hi All!! Still alive and kicking. Been a couple weeks since the last posting but have been hard at work putting together another platform iteration of WorkPapers software. So far, I have created the audit working papers management software solution in Cocoa and RealBasic, so this time around thought I would try one more iteration in Java and Ajax. For more information about WorkPapers, please see the projects page on this web site. This will give a cross-platform solution that will sync with a web-based Ajax interface… sexy! So now that I am in advanced stages of this programming iteration, …

The Next Wave – Preventive Security and Statisticians

Over the past couple weeks I have concluded that enough (bad) breath has been spent ranting about how system and security auditors really are missing the mark. However, one cannot reasonably just point a finger in one direction – it takes two to tango, so it is now time to point out what CIOs and administrators of secure environments should start to consider in order to prevent incidents. And along the way add a rant or two about how the average CIO (too) is an administrative paper-pushing, policy guru that does not really have real systems administration experience – most …

Increasing Attacks Against Grid Systems

This article over in the Dark Reading brings up an issue that power companies apparently have been denying for a long time. However, those of you who get the weekly SANS newsletter may have seen the sideline from Alan Paller: “The data that will be discussed at the SCADA Security Summit (http://www.sans.org/scada-security-summit-2010/) will make it much harder for EEI to claim it isn’t happening.” The power companies’ spokespersons seem to be in complete denial, but reports are showing over 120 attacks have been carried out against such systems.

Saltzer and Schroeder

This is a great article about Saltzer & Schroeder, two 1970s computer security researchers who published this paper. The principles in this paper are the most cited in computer security and many apply to secure coding. While many have heard of Saltzer and Schroeder or their basic computer security principles, few actually take the time to read their work. Enjoy!

IT and Infosec Auditor Shortcomings – SANS Joins The Dialog

Actually, SANS has been in the dialog, but they put out an article that reinforces the issue of how IT and Infosec auditors – and many consultants alike – are not delivering the proper value to the market. I wrote this article last year that ranted on the issue, and many responded through email and comments to show support of the view. This was an issue that I noticed about five years ago as ISC2, ISACA, and other organizations really focused on increasing membership and increasing revenues. Also, from my experience in the Big Four over the years, I noticed …

This is big news on a cyberattack…. 75,000 Systems Breached!

This Washington Post article just released details one of the biggest cyber attacks in history that has been recently revealed. The attack started in late 2008, but was just discovered last month. Again, highlighting the sophistication of hacker groups, demonstrating that they are gaining power equivalent to or greater than nation states’ ability to protect themselves from such attacks. Read more at the link above.