After a long delay we’re finally back on the air! I’ve been running all over the country for the last month or so teaching classes left and right. In the end, this has turned out to be a great thing, especially for the future of the blog. Some of the best news is that I’ve finally finished the revised PCI Self Assessment/QSA tools for evaluating technical controls, particularly the firewall analysis tool! We’re also resuming our one checklist per week plan and will complete the Web Application Checklist “How To” in the next few articles this week and next.
In other news, the DAD (Distributed Aggregation for Data analysis) Log Management and Aggregation SIM tool has been undergoing significant revisions over the past few weeks. We expect to release a VMWare based server within the next few weeks. We have a few kinks to work out in the alerting/reporting system. Some of our queries seem to have gotten twisted around somehow.
Lastly, next Monday we’ll be posting an outline for an Introduction to IT Audit course that we’re looking for feedback on. Any and all feedback you have would be appreciated! Our goal is to provide the security/audit foundations necessary for someone new to the audit field. We feel confident that the technology basics are covered under the umbrella of the SANS Security Essentials course and ISC(2)’s CISSP certification. We’re trying to close the gap for brand new auditors who are trying to figure out how to get started. We already give them a firehose source of technical How To with the Advanced System and Network Auditing course through SANS, which will also be undergoing revision over the next two months.
Thanks for your patience with us!