GMail/Picasa Identity Leakage

Be careful when using Picasa and other Google applications with the default nickname and web address settings, because the number Google assigns in place of your ID in those cases is easily decipherable: it is a stand-in for your ID and is consistent, not random. This is not a new issue, and a rather old one, but I still see a lot of Picasa links that carry those numbers. If the defaults are left unchanged, an attacker can replace the URL in the address bar of a Picasa page with javascript:alert(_user.name) to obtain the associated ID. Read more in this Lifehacker article.

Anti-Piracy – First Internet Cafe Arrest In Japan

This Japanese news article reports the first “internet cafe” arrest in Japan since the anti-piracy download law went into effect on Jan. 1, 2010. However, I am fairly certain that this is the first such arrest altogether – somebody please comment if I am wrong. Toward the end of last year and in the first days of the new year, many blogs and statistics sites were reporting on the number of shares on peer-to-peer software available on the internet. Remarkably, most of the numbers did not change a bit. I find this unusual, since Japanese go to great lengths to stay …

Facebook As Biggest Security Threat

Yes, I know… ‘Another Network World article’, you say. Yes, because lately they have been hitting trends fairly accurately…. read on! This article outlines a Sophos survey of businesses that ranks Facebook (at 60% of those surveyed) as the biggest threat simply because it has become the biggest social network, followed by MySpace at 18%, then Twitter at 17%. Well, I tend to agree with that reasoning, but think the threat is somewhat limited on a couple of levels. In more secure environments in the financial industry, we have seen much broader implementation of Websense, which keeps employees out of such sites through filtering …

Suck Your Guts In – Full Body Scanner Coming To An Airport Near You!

Well, from looking at the news and some of the evaluation discussions coming through here in Japan, it appears that at least Japan and the US will be implementing body scanners for boarding processing within the next year. Bruce Schneier touches on this subject a couple of times on his blog, but in Japan’s case I have some very reliable insight into some of the considerations of local officials. Of course, Japanese throw the latest, greatest technical solution at something as a CYA move all the time. Nobody wants to be responsible for a bad decision, so little thought goes into …

IT Auditors and Logging Systems

I’ve tackled this subject a couple of times in recent posts in a cursory manner, but feel that it is probably time to elaborate on it. An IT auditor’s challenge out in the field is not getting any less complex. Systems are evolving into seamless, integrated cloud services for the end user, while the internals of such systems are integrated into a complex computing architecture. The risks associated with this complexity are amplified when the professionals checking the integrity of these systems do not understand the technology, have no practical administration or configuration experience, and do not …

Too Many Generalists – Internal Auditor Magazine Example

Forewarning – this is yet another rant. The views expressed herein are personal and do not reflect any viewpoint of my current employer. But I do feel bad, because we have an advertisement right on the facing page of the article that I point out in this posting…. In my seven years as a member of the IIA and a Certified Internal Auditor, the IIA has not once responded to inquiry emails or answered the phone when I have had a question, so don’t feel so bad about what I am about to point out. A couple of days ago I decided it …

Dissecting Japanese IT Organizations

This posting is a culmination of information about IT organizations in Japanese corporations gathered over the past nine years that I have been working in IT audit, security, and consulting in Japan. Before we start a project at a Japanese company, I always remind myself of the challenges; then we engage in the work and I remind myself to write such a blog posting. The details outlined here do not apply to certain globalized Japanese firms, but they generally apply to most, including many that are globalized. The only exceptions are those globalized firms that have recruited foreign talent at the …

Been A While

It’s been a couple of weeks since I have had time (or taken time) to sit down and update my blog. Over the past month, I have managed to add a couple of dollars to the forex portfolio, but nothing spectacular. A little nervous right at this moment, because all the signals were calling for a sell-off after EUR/USD hit 1.4900. I have not seen a sell-off start yet, but after passing through 1.4900, this pair is still floating between 1.4800 and 1.4900. So late this week I decided to trade only lightly and bail quickly on any losses. Here are a couple of pics that …