Tag: security metrics

Cybersecurity, Governance, Risk, and ComplianceLeave a comment

WorkPapers Software, Java, Google Web Toolkit, and DCMA

SysRisk

Hi All!! Still alive and kicking. Been a couple weeks since the last posting but have been hard at work putting together another platform iteration of WorkPapers software. So far, I have created the audit working papers management software solution in Cocoa and RealBasic, so this time around thought I would try one more iteration in Java and Ajax. For more information about WorkPapers, please see the projects page on this web site. This will give a cross-platform solution that will sync with a web-base Ajax interface… sexy! So now that I am in advanced stages of this programming iteration, … Continue reading WorkPapers Software, Java, Google Web Toolkit, and DCMA

Governance, Risk, and ComplianceLeave a comment

The Next Wave – Preventive Security and Statisticians

SysRisk

Over the past couple weeks I have concluded that enough (bad) breath has been spent ranting about how system and security auditors really are missing the mark. However, one cannot reasonably just point a finger in one direction – it takes two to tango, so it is now time to point out what CIOs and administrators of secure environments should start to consider in order to prevent incidents. And along the way add a rant or two about how the average CIO (too) is an administrative paper-pushing, policy guru that does not really have real systems administration experience – most … Continue reading The Next Wave – Preventive Security and Statisticians

Governance, Risk, and ComplianceLeave a comment

IT and Infosec Auditor Shortcomings – SANS Joins The Dialog

SysRisk

Actually, SANS has been in the dialog, but they put out an article that reinforces the issue of how IT and Infosec auditors – and many consultants alike – are not delivering the proper value to the market. I wrote this article last year that ranted on the issue, and many responded through email and comments to show support of the view. This was an issue that I noticed about five years ago as ISC2, ISACA, and other organizations really focused on increasing membership and increasing revenues. Also, from my experience in the Big Four over the years, I noticed … Continue reading IT and Infosec Auditor Shortcomings – SANS Joins The Dialog

Cybersecurity, Governance, Risk, and Compliance, hacking, SocialLeave a comment

Facebook As Biggest Security Threat

SysRisk

Yes, I know… ‘Another Network World article’, you say. Yes, because lately they have been hitting trends fairly accurately…. read on!This article outlines a Sophos survey of businesses that  ranks Facebook as the biggest threat simply (at 60% surveyed) because it has become the biggest social network, followed by MySpace (t 18%, then Twitter at17%. Well, I tend to agree with that reasoning, but think the threat is somewhat limited on a couple of levels. In more secure environments in the financial industry, we have seen much broader implementation of Websense that keeps employees out of such sites through filtering … Continue reading Facebook As Biggest Security Threat

Cybersecurity, Governance, Risk, and ComplianceLeave a comment

IT Auditors and Logging Systems

SysRisk

I’ve tackled this subject a couple of times in recent posts in a cursory manner, but feel that it is probably time to elaborate on the subject. An IT auditor’s challenge out in the field is not getting any less complex. Systems are evolving to become seamless, integrated cloud services to the end-user, while the internals of such systems are integrated in a complex computing architecture. The risks associated with this complexity are amplified when the professionals that are checking the integrity of these systems do not understand the technology, have no practical administration or configuration experience, and do not … Continue reading IT Auditors and Logging Systems