2011 ALGA Annual Conference Handouts
Kenneth J. Mory, CPA, CIA, CISA, City Auditor, City of Austin

List of AuditNet Audits
List of ISACA Audits

Social Engineering
Hacker
Cracker
Spoofing
Botnet
Zombie
KillDisk
Snow Flake Theory
Cloud Computing
Cross-site Scripting Vulnerability
DOS (Denial of Service) Attack
Dictionary
Shadow System
Malware (malicious software)
Rogue Software
Scareware
Zero Day Attack
Packet Sniffer
Keyboard Capture
Judas Threat
MIM (man-in-the-middle) Attack
Script Babies: inexperienced hackers who find scripts on the internet and use them to break into systems.

STANDARDS
IIA Global Technology Audit Guides (GTAG)
ISO/IEC 27001
ISO/IEC 17799
Capability Maturity Model Integration (CMMI)
Control Objectives for Information and related Technology (COBIT)
Federal Information System Controls Audit Manual (FISCAM)
SANS Institute
The National Institute of Standards and Technology (NIST)
Information System Audit and Control Association (ISACA)
Information Technology Infrastructure Library (ITIL)

THE TOP 500 WORST PASSWORDS OF ALL TIME
November 30th, 2008 by admin in News, Password Info

THIS HANDOUT INCLUDES OFFENSIVE WORDS that were left on this list as reported, to give you an accurate listing of what people are actually using as passwords so you can better use the information to improve the security of your entity. If you feel that you will be offended, please stop reading this handout now.

If you see your password on this list, please change it immediately. Every password listed here has been used by hundreds if not thousands of other people.

ncc1701
thx1138
qazwsx
666666
7777777
ou812
8675309

Approximately one out of every nine people uses at least one password on the list shown in Table 9.1, and one out of every 50 people uses one of the top 20 worst passwords.
PASSWORD CRACKING SOFTWARE
Cain & Abel
chknull
Elcomsoft Distributed Password Recovery
Elcomsoft System Recovery
John the Ripper
ophcrack
Pandora
Proactive Password Auditor
Proactive System Password Recovery
pwdump3
RainbowCrack
eBlaster
SpectorPro Keylogger
KeyGhost
Dictionary Attack Software
Black Knight List
REQUEST FOR CHANGE DOCUMENT

SEGREGATION OF DUTIES CONTROL MATRIX
LIST OF TECHNICAL EXPOSURES
TOOLS TO ASSESS IT SECURITY VULNERABILITY
SuperScan
Essential NetTools: a set of network scanning, security, and administrator tools useful in diagnosing networks and monitoring the computer's network connections.
NetScanTools Pro
Cain & Abel
GFI LANguard
Nessus
QualysGuard
WebInspect
Metasploit
NetStumbler
AirSnort
Fluke WiFi Analyzer
WildPackets Omni
Elcomsoft Wireless Security Auditor
Aircrack
Kismet
KisMAC

BASELINE SECURITY EVALUATION CHECKLIST
REVIEW OF BUSINESS CONTINUITY PROCESS

IT Risk Framework (diagram; spans Customer to Vendor)
IT Governance: Mission; IT and Business Alignment; Portfolio Management; IT Risk Management; Policy
IT Strategy & Planning: IT Planning; Strategic Sourcing
IT Organization: Human Resources; Asset Management; IT Processes; Performance Measures and Controls
Technology: Project Management; Change & Configuration Management; Change Management (Applications, Databases & Infrastructure); Data Integrity; Enterprise Security; Data Center Operations; Data/SW Retention/Backup; User & Vendor Support
Disaster Recovery & Business Continuity: Business Impact Assessment; Planning; Communications/Crisis Management Plans; Disaster Recovery; Ongoing Maintenance/Updates; Testing
Infrastructure & Tools: Operating Systems; Database Structures; Networks; Hardware; Locations; Tools (Email, EDI, Messaging, etc.)

2010 Western Regional Conference, September 19-22, 2010 / Anaheim, CA, USA