Cybersecurity, Development, Governance, Risk, and Compliance, SocialLeave a comment

Getting In The Groove

May 29, 2011December 27, 2023 SysRisk

As many of you know, I left Deloitte late last month and have moved onto a position within IT Audit at SMBC Nikko Securities. This new position puts me in the thick of a Japanese working environment, which is challenging on many levels – language being the least of which. I look forward to this career change since it pulls out of the rat race that Big Four job have turned into. Long gone are the days where Big Four managers could get regular work and charge exorbitant rates. The competition is stiff and the rates are falling through the … Continue reading Getting In The Groove

Governance, Risk, and Compliance, hackingLeave a comment

Accent Zip Password Recovery – A Career-Saver

July 5, 2010December 27, 2023 SysRisk

The fine folks over at passwordrecoverytools.com sent a request for an evaluation about four months ago, and as I was ensconced in a plethora of security work and programming, I never had a chance to test the tool for a good writeup. That was, until I decided to go on vacation last week and a client sent a password protected zip file without forwarding the password! That same client has decided that since I am on vacation, that my emails are not worth responding to! Hmmm…. Hahhhh! (small bellows of smoke roll out from the ears)Well, the password was recovered … Continue reading Accent Zip Password Recovery – A Career-Saver

Cybersecurity, Governance, Risk, and ComplianceLeave a comment

WorkPapers Software, Java, Google Web Toolkit, and DCMA

March 24, 2010December 27, 2023 SysRisk

Hi All!! Still alive and kicking. Been a couple weeks since the last posting but have been hard at work putting together another platform iteration of WorkPapers software. So far, I have created the audit working papers management software solution in Cocoa and RealBasic, so this time around thought I would try one more iteration in Java and Ajax. For more information about WorkPapers, please see the projects page on this web site. This will give a cross-platform solution that will sync with a web-base Ajax interface… sexy! So now that I am in advanced stages of this programming iteration, … Continue reading WorkPapers Software, Java, Google Web Toolkit, and DCMA

Governance, Risk, and ComplianceLeave a comment

The Next Wave – Preventive Security and Statisticians

March 7, 2010December 27, 2023 SysRisk

Over the past couple weeks I have concluded that enough (bad) breath has been spent ranting about how system and security auditors really are missing the mark. However, one cannot reasonably just point a finger in one direction – it takes two to tango, so it is now time to point out what CIOs and administrators of secure environments should start to consider in order to prevent incidents. And along the way add a rant or two about how the average CIO (too) is an administrative paper-pushing, policy guru that does not really have real systems administration experience – most … Continue reading The Next Wave – Preventive Security and Statisticians

Cybersecurity, Governance, Risk, and ComplianceLeave a comment

IT Auditors and Logging Systems

January 28, 2010December 26, 2023 SysRisk

I’ve tackled this subject a couple of times in recent posts in a cursory manner, but feel that it is probably time to elaborate on the subject. An IT auditor’s challenge out in the field is not getting any less complex. Systems are evolving to become seamless, integrated cloud services to the end-user, while the internals of such systems are integrated in a complex computing architecture. The risks associated with this complexity are amplified when the professionals that are checking the integrity of these systems do not understand the technology, have no practical administration or configuration experience, and do not … Continue reading IT Auditors and Logging Systems

Cybersecurity, hackingLeave a comment

Security Through Obscurity – Word Processor Redaction

December 26, 2009December 26, 2023 SysRisk

A couple weeks ago I had a small rant about the HSBC bankruptcy leak, where I found the bank’s reaction to the issue rather surprising. Then this morning as I go through my reading list (it’s Monday), this article from Network World shows that TSA fell into the same problem. However, this most recent article goes into the problem much deeper, especially on the second page of the article. The problem lies in developers, users, and security managers alike not knowing the process of document redaction, and what will and will not properly redact a document. Many people think that … Continue reading Security Through Obscurity – Word Processor Redaction

Blog

Five Hacking Tips

Tag: Consulting