On March 26 I received a reply from the ISACA media relations department, informing me that they will be making some changes to future surveys. Changes will include a few of the aspects addressed by my blog post, including the use of SSL and additional information in the body of the survey.
Their response is highly appreciated of course, and I look forward to future surveys from ISACA. Thanks Deb!
Wednesday, March 24, 2010
Per, the owner of this blog, has fled the country for a few days, so I am seizing the opportunity to not have my little musings drowned in his figurative firehose of blog posts.
About six months ago, I reinstalled one of my Gentoo Linux servers and I left the SSH port open to the world. I did this deliberately, as I tend to access my servers from many different sites, not always knowing in advance what my source address will be. Usually, I'll install logrotate and a few other packages to keep things tidy, but for some reason this was neglected.
The other day, while doing some routine maintenance on the server, I discovered that the system log file /var/log/messages had grown to a whopping 12GB. What on earth was going on here?
Sunday, March 21, 2010
Do you have many passwords? How many of them are you able to remember? Do you have the same password across different systems and services? Do you use the same password at work as you do at home - and on Facebook? Write them down - and security will be improved.
Thursday, March 18, 2010
Wednesday, March 10, 2010
Tuesday, March 09, 2010
ASIS is definitely not a small organization in the global security landscape. As a member, I receive lots of useful information through my membership, and I'm studying for their CPP certification. And now they want to conduct a small survey. Right.
Tuesday, March 02, 2010
I'm disappointed. As a member of ISACA, I do expect them to be a role model for their members, in terms of security. "Do as we say, not as we do," a colleague once told me, before leaving the organisation we both worked for once upon a time. For years I have told family, friends, colleagues and others to follow some simple pieces of advice for securing their online activity. One piece of advice is to always ensure that a website uses HTTPS (SSL) before you log in or answer questions that might do damage to you or others in any way. I expect ISACA to do the same thing.