IT Security Audit Resource Group

IT Security Audit Resource Group

About the IT Security Audit Resource Group Group

The IT Security Audit group provides an open forum for Audit and Security professionals to interface in addition to providing a single common location for SANS Audit alums... more »
The IT Security Audit group provides an open forum for Audit and Security professionals to interface in addition to providing a single common location for SANS Audit alums to share information and resources. « less

Have something to say?

Join LinkedIn for free to participate in the conversation. When you join, you can comment and post your own discussions.

Join LinkedIn

Most Popular Discussions

Erich B.

Erich

When auditing a business for compliance, is it best to do it while the users are working or after hours? And why?

posted 1 month ago

Rashawd S. 1 month ago • Edit While they are working. Also I would ask people OTHER than the person they put in front of you to interview. You can observe daily ops and ... »
See all 3 comments »
C. David S. Stephan L. Rashawd S.
Marc V.

Marc

COBIT5 standard launch date announced

ISACA has just announced the official global launch date for COBIT5 standard: Tuesday 10/04/2012. COBIT5 contains many updates on IT ...

COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques and provides globally...

posted 2 months ago

Stephan L. 1 month ago • Edit Stephan likes this. »
See more »
Jacqueline W.

Jacqueline

Where can I find configuration standard/hardening guide documentation for UNIX systems?

I am trying to find documentation of industry standards/benchmarks for configuring and hardening UNIX systems. Doe such documentation ...

posted 2 months ago

David H. 1 month ago • Edit Have you looked at any of the DISA or DIACAP materials? They're pretty thorough. SANS also has a couple of hardening guides depending on the ... »
See more »
David H.
Abigail L.

Abigail

Sexual abuse of children as defined by international law is a challenge many humanitarian organizations unfortunately face in war- and...

Understandably, the topic is perceived highly sensitive - nevertheless it is important to enhance the understanding of risks children ...

Box. Simple, secure sharing from anywhere

posted 1 month ago

David H. 1 month ago • Edit I'm honestly puzzled as to whether or not this is a marketing piece or not. What, exactly, is the fit with IT Auditing, especially since the ... »
See more »
David H.
Jay T.

Jay

“GooDork is for the few people who enjoy being creative about hacking/information gathering!” Some of you may have heard about Google Dorking/Hacking and even fewer have heard about GooDork.py a new designed to super charge...

posted 2 months ago

Amanda B. 2 months ago • Edit Amanda likes this. »
See more »
David H.

David

Hacking Windows account credentials fast and easy

I've been talking about this in classes for years and decided to finally post an example: How to hack Windows account credentials using ...

Of course, your email address and your username are quite likely one and the same. What good is your username if I don't have your password? Well, there's not much that can be done with a single username in terms of hacking....

posted 8 months ago

KM L. 2 months ago • Edit KM likes this. »
See more »
Jay T.

Jay

Acunetix WVS or Web Vulnerability Scanner is a pentesting tool for Windows users so that they may be able to check for SQL Injection, Cross Site Scripting (XSS), CRLF injection, Code execution, Directory Traversal, File...

posted 2 months ago

Matthew L. 2 months ago • Edit Matthew likes this. »
See more »
David H.

David

Finding Inactive Accounts/Computers: http://auditcasts.com/screencasts/24-extracting-last-logon-times-from-active-directory-using-powershell

# 24 : Extracting Last Logon Times from Active Directory using Powershell A common question in an audit of information resources is whether or not accounts for users are being properly managed. One aspect of that is determining...

posted 2 months ago

Andres S. 2 months ago • Edit Love these David. Keep them coming. Thanks »
See more »
Andres S.
Herbert G.

Herbert

What do you think of this article regarding our "Trusted" Certificate Authority??" If we can't trust our Certificate Authority...

How should we police our Certificate Authorities that now hold the "keys to the Kingdom"??
What good is encryption if our certificate ...

Certificate authority Trustwave issued a CA certificate to a company allowing it to issue certificates for any server, thereby enabling it to listen in on encrypted data sent and received by its...

posted 3 months ago

Gustavo P. 3 months ago • Edit Gustavo likes this. »
See more »
William T.
Saurabh J.

Saurabh

IT risk in media and entertainment industry

In entertainment industry , IT is seen as a support function and the risks associated with them are often ignored.
Having said that ...

posted 3 months ago

Prashant M. 3 months ago • Edit Prashant likes this. »
See more »
Gabriel D.

Gabriel

Audit and policy compliance of MSSQL Databases

I am wondering what everyone's thoughts are on a good MSSQL audit and policy compliance tool.
A barrier I am running into is the lack of ...

posted 8 months ago

Aidan S. 3 months ago • Edit Not sure if it's entirely relevant but my company offer a SQL Server Change Auditing tool... it will certainly show you the "who, what, where ... »
See all 3 comments »
Darren A. Gabriel D. Aidan S.
Jacqueline W.

Jacqueline

Active Directory Group Policy Question

Should the audit policies (Audit Account Logon Events, Audit Account Management, Audit Directory Service Access, Audit Logon Events, ...

posted 6 months ago

David H. 6 months ago • Edit Hey Jacqueline - Did I send those two replies to you directly? I thought I posted them here on the thread but I don't see them. »
See more »
David P. David H.
David H.

David

IBM Mainframe Auditor needed

Anyone here have experience auditing IBM Mainframes? TSO and.. I forget which other OS.. are the targets

posted 7 months ago

Stu H. 6 months ago • Edit David, I do mainframe security audits. Let me know if I can help. Best regards, Stu »
See more »
Kaïs B. Stu H.
David H.

David

Newest Auditcast: http://bit.ly/kQzK7n - Windows 7 God Mode & Local Denial of Service on Server 2008

posted 9 months ago

David H. 8 months ago • Edit David likes this. »
See more »
Johnathan V.
David H.

David

Auditors & Scripting

Anyone who's sat through any of my classes (especially my audit classes) in the last four or five years knows that I believe that ...

posted 10 months ago

David H. 9 months ago • Edit I've posted a new Auditcasts episode that demonstrates how to use Powershell to assist in the process of checking for valid users within a ... »
See all 4 comments »
Dmytro P. Harry N. David H.

About this Group

  • Created: June 22, 2011
  • Type: Professional Group
  • Members: 589
Ad

Group Statistics

CHECK OUT INSIGHTFUL STATISTICS ON THIS GROUP

  1. Director
  2. Manager
  3. Entry
MEMBERS
3,759
View Group Statistics »