SANS – Webcast coming June 1st

Coming June 01, 2012…

SEC575 Webcast Series: A Taste of SANS Security 575 – Invasion of the Mobile Phone Snatchers.

From the SANS website:

“SANS is pleased to bring you an all new course designed specifically for helping organizations securely deploy, manage and test the security of mobile devices. In this first installment of our Taste of SANS Security 575 series, course author Joshua Wright and SANS penetration testing track lead Ed Skoudis bring you Invasion of the Mobile Phone Snatchers.”

Direct URL: https://www.sans.org/webcasts/sec575-webcast-series-session-1-taste-security-575-invasion-mobile-phone-snatc-95264

eWorkshop event: Tips to Pass the CIA Exam from The IIA

Two-part eWorkshop: Powerful Tips to Pass the Certified Internal Auditor (CIA) Exam

May 30 and June 20, 2012
12:00 – 2:00 p.m. ET

For more information or to register:

https://na.theiia.org/training/eLearning/Pages/eWorkshop-Powerful-Tips-to-Pass-the-CIA-Exam.aspx

EU Cookie Law

Enforcement of the EU Cookie Law/Directive began on May 25, 2012. 

Guidance from the Information Commissioner’s Office (ICO) on the rules for using cookies and similar technologies is linked under References below. The guidance explains the proper usage of cookies for website operators.

Question of the day: What impact will this directive have on the ability of companies to capture data analytics for consumer purchases and behavior?

Current Headlines:
ICO (UK) Gives Amazon, Cabinet Office and Facebook Warning over Cookie Law.

References:

  • http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?pagewanted=all
  • http://www.computing.co.uk/ctg/news/2179992/eu-cookie-implementation-deadline
  • http://www.computing.co.uk/ctg/news/2073432/eu-cookie-law-set-force
  • http://www.ico.gov.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law.aspx

Laptop Data Protection

ISACA Presents: Striking the Right Balance for Laptop Data Protection (Webinar)

Board Meeting: new standard for Lease Accounting

When:  FASB/IASB Board Meeting, 8:00 a.m. EDT on Thursday, May 24, 2012.

For project updates and background information:

http://www.fasb.org/cs/ContentServer?site=FASB&c=FASBContent_C&pagename=FASB%2FFASBContent_C%2FProjectUpdatePage&cid=900000011123

Live Webcast: http://www.accountingfoundation.org/cs/ContentServer?site=Foundation&c=Page&pagename=Foundation%2FPage%2FFAFSectionPage&cid=1176157934001

Transcript – BlogTalkRadio Show – Using DumpSec

February 4, 2012  BlogTalk Radio Show Transcript

To listen: http://www.blogtalkradio.com/vashtihorvat/2012/02/04/using-dumpsec

Good Morning and Good Afternoon.  This is Vashti Horvat and I want to welcome you to today’s Technology show on “Using DumpSec.”

The call-in number for today’s show is:  1-323-784-9715.

Today I will share with you a few tips on how and when to use DumpSec.

DumpSec (spelled D-u-m-p-S-e-c) is a security auditing tool for Microsoft Windows® NT/XP/2000 series (such as 2003, 2005, 2007).  This tool is used by IT professionals and IT Auditors.

Basically, the tool dumps the permissions (a.k.a. DACL) and audit settings (a.k.a. SACL) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent.

DumpSec also captures user, group, and replication information.  The advantages of using DumpSec include receiving a current, full (or 100%) population that represents a point-in-time.  And, the tool is FREE!

As an auditor, I frequently request a DumpSec report from the company’s IT team, to provide data for analysis.  Specifically, I focus on data related to user account parameters for all account types (human and non-human).

Analysis includes understanding the following:
#1 – Which accounts have been enabled or disabled.  As soon as you identify accounts that are disabled, they should be removed or hidden from your population.  No further analysis is necessary.

#2 – Which accounts have passwords that do not expire.  Based on the IT Security Policy, user account passwords should be set to expire every 60 to 90 days.  If you identify accounts with passwords that do not expire, consult with your IT contact to verify that each and every account is a non-human (system account).

#3 – The tool allows you to quickly identify duplicate accounts by user, guest accounts, and student accounts.

There are many more uses for this tool.  Would you like to learn more?  Then go to the URL http://www.systemtools.com/somarsoft

Note:  I am not a spokesperson or representative of Microsoft, and this radio segment is intended to educate IT and IT Audit professionals on a tool that I have found very useful.

Well that’s all for today and I would like to thank you for your time.

Please tune in next week for my topic on Skillset of an Auditor – Staying Current in a Changing World.

Until next time – Goodbye.
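The three checks described in the transcript above, run over a user report exported to CSV, as an added example that is not part of the original broadcast or of DumpSec itself. The column names (`UserName`, `FullName`, `AcctDisabled`, `PswdExpires`), the `guest`/`student` name prefixes and the sample rows are constructed assumptions; map them to the headers in your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample standing in for a user report exported as CSV.
SAMPLE_REPORT = """UserName,FullName,AcctDisabled,PswdExpires
jsmith,John Smith,No,Yes
jsmith2,John Smith,No,Yes
svc_backup,Backup Service,No,No
mjones,Mary Jones,No,No
Guest,Guest Account,No,No
student01,Lab Student,Yes,No
olduser,Former Employee,Yes,Yes
"""

WATCH_PREFIXES = ("guest", "student")  # assumed naming convention for shared accounts


def _is_yes(value):
    return (value or "").strip().lower() == "yes"


def analyze_user_report(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    # Check 1: disabled accounts leave the population; blank or odd values stay in.
    active = [r for r in rows if not _is_yes(r.get("AcctDisabled"))]
    # Check 2: enabled accounts whose password is not confirmed to expire.
    non_expiring = sorted((r["UserName"] for r in active
                           if not _is_yes(r.get("PswdExpires"))), key=str.lower)
    # Check 3a: more than one enabled account sharing the same full name.
    by_name = defaultdict(list)
    for r in active:
        by_name[r["FullName"].strip().lower()].append(r["UserName"])
    duplicates = {n: sorted(u) for n, u in by_name.items() if len(u) > 1}
    # Check 3b: enabled guest and student accounts.
    watch = sorted(r["UserName"] for r in active
                   if r["UserName"].lower().startswith(WATCH_PREFIXES))
    return {
        "population": len(rows),
        "disabled_excluded": len(rows) - len(active),
        "non_expiring": non_expiring,
        "duplicates": duplicates,
        "guest_or_student": watch,
    }


if __name__ == "__main__":
    for key, value in analyze_user_report(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Each name in `non_expiring` is a candidate for the follow-up with the IT contact to confirm it is a system account.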

Blog Talk Radio – Scheduled Broadcasts for Mar 2012

03/18/2012 – What is your Risk Assessment Methodology for IT?

For more details:   http://www.blogtalkradio.com/vashtihorvat