security metrics Category

Hi All!! Still alive and kicking. It has been a couple of weeks since the last posting, but I have been hard at work putting together another platform iteration of the WorkPapers software. So far, I have created the audit working papers management software solution in Cocoa and RealBasic, so this time around I thought I would try one more iteration [...]

Over the past couple of days I have concluded that enough (bad) breath has been spent ranting about how system and security auditors really are missing the mark. However, one cannot reasonably just point a finger in one direction – it takes two to tango, so it is now time to point out what CIOs and administrators of secure environments should start to consider in order to prevent incidents. Along the way, I will add a rant or two about how the average CIO is (too) an administrative, paper-pushing policy guru who does not really have real systems administration experience – most come from a consulting background and have not had to own a system for more than a year.

Actually, SANS has been in the dialog, but they put out an article that reinforces the issue of how IT and Infosec auditors – and many consultants alike – are not delivering the proper value to the market. I wrote this article last year that ranted on the issue, and many responded through email and comments to show support of the view. This was an issue that I noticed about five years ago as ISC2, ISACA, and other organizations really focused on increasing membership

Yes, I know… ‘Another Network World article’, you say. Yes, because lately they have been hitting trends fairly accurately…. read on!
This article outlines a Sophos survey of businesses that ranks Facebook as the biggest threat (at 60% surveyed), simply because it has become the biggest social network, followed by MySpace

I’ve tackled this subject a couple of times in recent posts in a cursory manner, but feel that it is probably time to elaborate on the subject. An IT auditor’s challenge out in the field is not getting any less complex. Systems are evolving to become seamless, integrated cloud services to the end-user, while the internals of such systems are integrated in a complex computing architecture. The risks associated with this complexity are amplified when the professionals that are checking the integrity of these systems do not understand the technology, have no practical administration or configuration experience, and do not have the necessary knowledge to understand how these systems interact.

It’s no secret that I have been focusing on wireless security issues over the past two years, and I have been very vocal about how ‘wireless’ is not limited to wireless LAN. We are approaching a turning point where securing organizations will require even more emphasis on ID management and access control to establish accountability [...]

What Have I Been Doing

Posted on 23 Jun 2008 In: Photography, security metrics

Sincerest apologies for the recent lag in postings…. No! I haven’t given up on the security metrics movement. Having recently started with Deloitte, I have had to prioritize time a bit differently. Also, I have been spending a lot of leisure time working on photography and hiking projects. Check out http://kirt.cathey.us.com for more information. Anyway, stay tuned [...]
