Consulting Category

The fine folks over at passwordrecoverytools.com sent a request for an evaluation about four months ago, and as I was buried in a pile of security work and programming, I never had a chance to test the tool for a proper write-up. That was, until I decided to go on vacation last week and a client sent a password-protected zip file without forwarding the password!

Hi All!! Still alive and kicking. It has been a couple of weeks since the last posting, but I have been hard at work putting together another platform iteration of the WorkPapers software. So far, I have created the audit working papers management software solution in Cocoa and RealBasic, so this time around I thought I would try one more iteration [...]

Over the past couple of days I have concluded that enough (bad) breath has been spent ranting about how system and security auditors really are missing the mark. However, one cannot reasonably just point a finger in one direction – it takes two to tango, so it is now time to point out what CIOs and administrators of secure environments should start to consider in order to prevent incidents. Along the way I will add a rant or two about how the average CIO is, too, an administrative, paper-pushing policy guru who does not have real systems administration experience – most come from a consulting background and have never had to own a system for more than a year.

I’ve tackled this subject a couple of times in recent posts in a cursory manner, but feel that it is probably time to elaborate on it. An IT auditor’s challenge out in the field is not getting any less complex. Systems are evolving into seamless, integrated cloud services for the end-user, while the internals of those systems are woven into a complex computing architecture. The risks associated with this complexity are amplified when the professionals checking the integrity of these systems do not understand the technology, have no practical administration or configuration experience, and lack the knowledge needed to understand how these systems interact.

A couple of weeks ago I had a small rant about the HSBC bankruptcy leak, where I found the bank’s reaction to the issue rather surprising. Then this morning, as I go through my reading list (it’s Monday), this article from Network World shows that the TSA fell into the same problem. However, this most recent article goes into the problem much more deeply, especially on its second page.

This article is not an expression against the many IS and IT auditors out there who really know what they are doing and offer added value to their clients. It is a voice thrown out into the airwaves that portrays the state of the profession as I have seen it develop within the Big Four over the past ten years. I have worked at all four of these companies and can safely state that I am an expert in how these organizations sell, plan, and deliver their services.
Also, this does not apply to me or to the other IT and IS auditors (Big Four or not) out there who are technical enough to look beyond the surrounding controls and paperwork thrown at them at the outset of an audit. But it does apply to the other 99% out there who have become IT or IS auditors after becoming a CPA or graduating from an MBA program, then taking a warmed-over course, sitting for one of the certifications, and coaxing their manager(s) to sign off on the experience they never achieved.
