Archive for June, 2007

Birthday Remembrance

Posted in Taz on June 26, 2007 by tazspaz

This week we celebrate a special birthday. Monica Lewinsky turned 31. Can you believe it? It seems like only yesterday she was crawling around the White House on her hands and knees, and putting everything in her mouth.

They grow up so fast, don’t they?

 (Hmmm, thought that was in July?)


IT Training, Embarrassing Moments…

Posted in Taz on June 19, 2007 by tazspaz

So today I was giving a training class, decided to use my laptop and hook the projector up … … …

So how do you react when your personal blog comes up and the first thing anyone sees is the last post I had up (the one below this)?  Especially when the entire group erupts in laughter?

Just casually wait until the end, then ask if anyone has seen your sippy cup recently!

Hmm…was my sippy cup replaced?

Posted in Taz on June 17, 2007 by tazspaz

Might answer a lot of questions, lmao….

Posted in Taz on June 17, 2007 by tazspaz

To all Dads out there today!

This is the Hallmark MC Hammer Card! I really liked it and thought it should be shared far and wide.

Happy Father’s Day to all Dads out there!

IT Auditing tips

Posted in Taz, Technical on June 8, 2007 by tazspaz

Wow!  Well okay then, it seems my last post has sparked some interest.  Next to my Motorola Q post it has seen a lot of activity.  From friends in the industry the main question is “how do we even go about preparing for an audit?” usually followed by a statement such as “it always seems we are running around not sure what is going to happen next in an audit” and other such questions and comments.

Here, let’s point you in a starting direction: Microsoft has created a basic document located here that you might be interested in adding to your reading list.

Again, there are many resources out there, based on the audit you might be facing, that can help you.  I highly suggest that you employ a firm (have I mentioned I’m available for contract?) in at least double checking your findings before the actual audit.  Ensure that you have written policies in place that your organization will follow, and reprimands for those that do not follow due process.  For what is a policy without a consequence for breaking it?  Make sure that everything is clearly outlined for those that need be involved.  Right on down to the employee release forms.

Hopefully this will help those of you who are new to the process of an audit get a better understanding of some things to look at for the future.  Again, being in Information Technology myself, this is from an IT perspective.


Posted in Taz, Technical on June 5, 2007 by tazspaz

Huh, what?

NASD – National Association of Securities Dealers

Recently I was asked about audit requirements of the NASD and if I’d had any experience with writing corporate governance policies as they relate to NASD.  I specifically stated that I did not; however, with SEC, SOX, GLB, PCI, HIPAA, COBIT, and DoD auditing experience, I told them that I could definitely step up to the challenge.  In the process of my reading it came to my attention that many firms are offering various guidance for these services in helping companies figure out what they mean.

 Sorry, I’ve broken my train of thought.  Went to answer the door and the neighbor had brought over dinner.  Heh…being single is nice sometimes!

Anyhow, on with the saga of audits!

So as you can see, there are many acronyms out there and many many more I did not list.  However, in my experience if you understand the basics of why these different things were put into place everything else simply falls into line for your audit.  Here are some top 8 points to get you started:

1.  Ensure your passwords are “strong” passwords.

2.  Stored passwords need to be encrypted, password protected, and access/modifications to the file tracked in some manner.

3.  Identify any and all IT equipment used to store, or that may contain, SSNs, account numbers, credit card numbers or other “covered” data. Ensure they encrypt files/databases, with access/modification tracking.
Note:  This includes CDs, DVDs, tapes, memory sticks, handheld devices and any other transportable media that may contain data covered by the specific audit you are going through.  Delete the data, destroy the media or secure the media in a locked location.

4. Review all servers to which you have access for covered data. Delete or encrypt any files with covered data.

5.  Ensure that Antivirus software is installed and up to date.

6.  Ensure systems have latest security patches.

7.  Lock up any paper documents with covered data. If they are no longer needed, destroy them in an approved manner (for instance, hire a document management company to shred CDs, Disks, and paper).

8.  Last, but by no means least, document, Document, DOCUMENT EVERYTHING!  How does your network communicate, what happens with traffic (such as customer data on the network, credit card data, financial data, account data, health records, etc.), who has what access, DR planning, SIR planning for breached data, and so on and so on.
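Points 3 and 4 both start with finding where covered data actually lives. As an added example (not part of the original post), this Python script walks a directory tree, flags SSN-like strings and Luhn-valid card numbers, and masks each hit so the findings report does not itself become covered data. The patterns, function names and sample files are constructed for illustration.

```python
import os
import re
import tempfile

# SSN-like (never-issued ranges excluded); card-like (13-19 digits, optional separators).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum: rejects most long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(value):  # keep only the last four characters in the report
    return "*" * (len(value) - 4) + value[-4:]

def find_covered(text):
    """Return (kind, masked_value) for each SSN-like or card-like hit."""
    hits = [("ssn", mask(m.group())) for m in SSN_RE.finditer(text)]
    cards = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    return hits + [("card", mask(d)) for d in cards if luhn_ok(d)]

def scan_tree(root):
    """Walk root and map each file's relative path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, errors="ignore") as fh:
                hits = find_covered(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

SAMPLES = {  # constructed sample files, not real data
    "hr_export.csv": "name,ssn\nJane Doe,123-45-6789\n",
    "orders.log": "card=4111 1111 1111 1111 order=1234567890123456\n",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return scan_tree(root)
```

Treat hits as candidates for review: pattern matching produces false positives and misses data stored without the usual formatting, such as SSNs written without dashes.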

Then I encourage you to look up specifics.  Please keep in mind I am approaching this from an IT perspective and none other at this moment in time.  There are plenty of resources on the web for you to look up.

heh.  :p  I’m always available on a contract basis to help you more in depth …

Note:  This is an as is document with no warranty implied or otherwise.  It by no means is meant to specifically state what will help you complete a specific audit.  As stated either contact a consultant or experienced IT audit firm for more specific help in preparing your organization for compliance with these laws/acts/guidelines.

Best Mugs!

Posted in Taz on June 4, 2007 by tazspaz

Well, next to anyhow.

 I need the “You Are Dumb” mug.  :p