Getting In The Groove

As many of you know, I left Deloitte late last month and have moved on to a position within IT Audit at SMBC Nikko Securities. This new position puts me in the thick of a Japanese working environment, which is challenging on many levels – language being the least of which. I look forward to this career change since it pulls me out of the rat race that Big Four jobs have turned into. Long gone are the days where Big Four managers could get regular work and charge exorbitant rates. The competition is stiff and the rates are falling through the … Continue reading Getting In The Groove

WorkPapers Desktop Coming Soon

The upcoming release of WorkPapers desktop software will be the third major release version written in yet a third, different programming language. I started with the release of the original WorkPapers in late 2004, which was a Mac only version written in Objective-C/Cocoa. Soon after that release, I developed a RealBASIC version of the software, since there was an obvious demand for a multi-platform version of the software. This second version sold quite well, but with RealBASIC, was real difficult to maintain and customize as much as end users (and myself) wanted. To meet the multi-platform demand and the long range … Continue reading WorkPapers Desktop Coming Soon

Accent Zip Password Recovery – A Career-Saver

The fine folks over at passwordrecoverytools.com sent a request for an evaluation about four months ago, and as I was ensconced in a plethora of security work and programming, I never had a chance to test the tool for a good writeup. That was, until I decided to go on vacation last week and a client sent a password-protected zip file without forwarding the password! That same client has decided that since I am on vacation, that my emails are not worth responding to! Hmmm…. Hahhhh! (small bellows of smoke roll out from the ears) Well, the password was recovered … Continue reading Accent Zip Password Recovery – A Career-Saver

WorkPapers Software, Java, Google Web Toolkit, and DCMA

Hi All!! Still alive and kicking. Been a couple weeks since the last posting but have been hard at work putting together another platform iteration of WorkPapers software. So far, I have created the audit working papers management software solution in Cocoa and RealBasic, so this time around thought I would try one more iteration in Java and Ajax. For more information about WorkPapers, please see the projects page on this web site. This will give a cross-platform solution that will sync with a web-based Ajax interface… sexy! So now that I am in advanced stages of this programming iteration, … Continue reading WorkPapers Software, Java, Google Web Toolkit, and DCMA

The Next Wave – Preventive Security and Statisticians

Over the past couple weeks I have concluded that enough (bad) breath has been spent ranting about how system and security auditors really are missing the mark. However, one cannot reasonably just point a finger in one direction – it takes two to tango, so it is now time to point out what CIOs and administrators of secure environments should start to consider in order to prevent incidents. And along the way add a rant or two about how the average CIO (too) is an administrative paper-pushing, policy guru that does not really have real systems administration experience – most … Continue reading The Next Wave – Preventive Security and Statisticians

Saltzer and Schroeder

This is a great article about Saltzer & Schroeder, two 1970s computer security researchers that published this paper. The principles in this paper are the most cited in computer security and many apply to secure coding. While many have heard of Saltzer and Schroeder or their basic computer security principles, few actually take the time to read their work. Enjoy! Continue reading Saltzer and Schroeder

Too Many Generalists – Internal Auditor Magazine Example

Forewarning – this is yet another rant. The views expressed herein are personal and do not reflect any viewpoint of my current employer. But I do feel bad because we have an advertisement right on the facing page of the article that I point out in this posting…. In my seven years as a member of the IIA and a Certified Internal Auditor, the IIA has not once responded to inquiry emails nor answered their phone when I have a question, so don’t feel so bad about what I am about to point out. A couple days ago I decided it … Continue reading Too Many Generalists – Internal Auditor Magazine Example

Active Directory Analysis

A couple of weeks ago I wrote this post because I had just found out that a group of security ‘professionals’ and ‘consultants’ (not from our company) that were assigned to one of my projects did not have the technical ability to download user records, or any other records, from Active Directory (AD) and perform the appropriate ID management analysis. While I am senior management, I do take the pride of being able to do about anything required, including the technical work that is necessary to figure out via Google, MS Support sites, or any other resource – a skill … Continue reading Active Directory Analysis

Been A While

It’s been a couple weeks since I have had time (or taken time) to sit down and update my blog. Over the past month, have managed to add a couple dollars to the forex portfolio, but nothing spectacular. A little nervous right at this moment because all the signals were calling a sell-off after EUR/USD hit 1.4900. Have not seen a sell-off start yet, but after passing through 1.4900, this pair is still floating between 1.4800 and 1.4900. So late this week, I decided to trade only lightly and bail quick on any losses. Here’s a couple of pics that … Continue reading Been A While