As an IT professional, security is one of my primary responsibilities. Is it any surprise that there's a whole category of posts related to the subject?
Is authority and access to use advanced operating system utilities and commands that bypass system access controls monitored, logged, reviewed and restricted to those individuals or accounts that require access to perform the respective job function(s)? Welcome to the second post in my series on…
Continue reading...Are all required approvals documented for each access request or modification to a user's or account's access privileges? Summary Essentially what this requirement is asking for is a record of every addition or modification to an individual (or group's) access to a system or data…
Continue reading...This post is the introduction of a series I'm working on. I'm taking a list of security compliance questions that a client or an auditor might present to a company and expanding on what it means, how important it is, how one would introduce controls…
Continue reading...I get one help desk request more than almost any other: Spam and phishing email reports. At my current gig I probably get three or four a week. This is way less than my previous job where there'd probably more than that in a day. There's…
Continue reading...Here's the directions I give to my coworkers when they're hacked. I know it's not terribly original. It's been cobbled together from a variety of sources (as well as some hard lessions discovering malfeasance after the fact). For sure there's lots of these guides on…
Continue reading...