WorkPapers Desktop Coming Soon

The upcoming release of WorkPapers desktop software will be the third major release version written in yet a third, different programming language. I started with the release of the original WorkPapers in late 2004, which was a Mac-only version written in Objective-C/Cocoa. Soon after that release, I developed a RealBASIC version of the software, since there was an obvious demand for a multi-platform version of the software. This second version sold quite well, but with RealBASIC, it was really difficult to maintain and customize as much as end users (and myself) wanted. To meet the multi-platform demand and the long-range …

The Next Wave – Preventive Security and Statisticians

Over the past couple weeks I have concluded that enough (bad) breath has been spent ranting about how system and security auditors really are missing the mark. However, one cannot reasonably just point a finger in one direction – it takes two to tango, so it is now time to point out what CIOs and administrators of secure environments should start to consider in order to prevent incidents. And along the way add a rant or two about how the average CIO (too) is an administrative paper-pushing, policy guru that does not really have real systems administration experience – most …

Saltzer and Schroeder

This is a great article about Saltzer & Schroeder, two 1970s computer security researchers who published this paper. The principles in this paper are the most cited in computer security and many apply to secure coding. While many have heard of Saltzer and Schroeder or their basic computer security principles, few actually take the time to read their work. Enjoy!

IT and Infosec Auditor Shortcomings – SANS Joins The Dialog

Actually, SANS has been in the dialog, but they put out an article that reinforces the issue of how IT and Infosec auditors – and many consultants alike – are not delivering the proper value to the market. I wrote this article last year that ranted on the issue, and many responded through email and comments to show support of the view. This was an issue that I noticed about five years ago as ISC2, ISACA, and other organizations really focused on increasing membership and increasing revenues. Also, from my experience in the Big Four over the years, I noticed …

This is big news on a cyberattack…. 75,000 Systems Breached!

This Washington Post article just released details one of the biggest cyber attacks in history that has been recently revealed. The attack started in late 2008, but was just discovered last month. Again, this highlights the sophistication of hacker groups, demonstrating that they are gaining power equivalent to or greater than nation states' ability to protect themselves from such attacks. Read more at the link above.

Anti-Piracy – First Internet Cafe Arrest In Japan

This Japanese news article reports the first “internet cafe” arrest in Japan since the anti-piracy download law went into effect on Jan. 1, 2010. However, I am fairly certain that this is the first such arrest altogether – somebody please comment if I am wrong. Toward the end of last year and the first days of the new year, many blogs and statistic sites were reporting on the number of shares on peer-to-peer software available on the internet. Remarkably, most of the numbers did not change a bit. I find this unusual since Japanese go to great lengths to stay …

Facebook As Biggest Security Threat

Yes, I know… ‘Another Network World article’, you say. Yes, because lately they have been hitting trends fairly accurately…. read on! This article outlines a Sophos survey of businesses that ranks Facebook as the biggest threat (at 60% surveyed) simply because it has become the biggest social network, followed by MySpace at 18%, then Twitter at 17%. Well, I tend to agree with that reasoning, but think the threat is somewhat limited on a couple of levels. In more secure environments in the financial industry, we have seen much broader implementation of Websense that keeps employees out of such sites through filtering …

IT Auditors and Logging Systems

I’ve tackled this subject a couple of times in recent posts in a cursory manner, but feel that it is probably time to elaborate on the subject. An IT auditor’s challenge out in the field is not getting any less complex. Systems are evolving to become seamless, integrated cloud services to the end-user, while the internals of such systems are integrated in a complex computing architecture. The risks associated with this complexity are amplified when the professionals that are checking the integrity of these systems do not understand the technology, have no practical administration or configuration experience, and do not …