Tag: internal audit

  • Debugging security

    There is an interesting analogy between between debugging software and debugging the security of your systems. As Brian W. Kernighan and Rob Pike wrote in “The Practice of Programming” As personal choice, we tend not to use debuggers beyond getting a stack trace or the value of a variable or two. One reason is that it is […]

  • 10 guidelines for a security audit

    What exactly is the role of an information security auditor?  In some cases, such as compliance  by Level 1 and 2 merchants with PCI DSS 2.0,  external audit is a condition to PCI DSS 2.0 compliance.   In the case of ISO 27001, the audit process is a key to achieving ISO 27001 certification (unlike […]

  • Getting managers out of denial

    Maybe you have a manager in denial? I know the feeling -the absence of effective risk controls for data security often start with denial of vulnerabilities. Here is a true story: …I’m not concerned about data theft. We’ve outsourced our entire IT operation to a big bank’s data center and they’re up to speed on […]