Tim Maloney

IT Governance, Risk Management & Assurance Professional

I write about Information Technology Management, IT Audit, Productivity, and other topics that I find interesting.

More About Me

I write about Information Technology Management, IT Audit, Productivity, and other topics that I find interesting.



Previous Next

Briefing #1 - Understanding Passwords


This week, I thought it would be interesting to share some content around one of the most relatable topics in information security: the password.

Password Hashing

First, a great video from Tom Scott explaining password hashing any why it works (well enough) to protect your security (LINK):

Are Complex Passwords More Secure?

Next, Wired had a great article discussing how it ‘Turns Out Your Complex Passwords Aren’t That Much Safer.’ (LINK)  The author brings up a number of excellent points about how companies are focused on how so much of the focus has been on end users creating strong passwords while system designers and administrators then store those same passwords in a way that ultimately makes them easy to compromise.  This is an article every system administrator should read.

Managing Passwords

Finally, Tony Bradley at PC World had a article (LINK) advocating that we should all use a tool to help us remember and use passwords securely.  I personally rely on a password manager (using two factor authentication) to keep track of the unique, complex passwords I’ve created for every site.  For added security, I also use two factor authentication on the site if it is available as well.

So what do you think about passwords?  Are their days numbered or will we still be dealing with them for years to come?

Protiviti Thought Leadership Roundup - August 25, 2014

Welcome to the first edition of my Thought Leadership Roundup.  As I noted earlier, this post will occur on Monday’s and capture recent thought leadership publications of interest as well as highlight relevant upcoming webinars.  I encourage you to click on the titles to view more information:

Link: The Protiviti View on IT Audit Coverage

Information technology is pervasive to today’s businesses.  Protiviti’s recent IT Audit Benchmark found that IT Audit coverage is lacking at many organizations because a comprehensive IT Audit risk assessment is not being completed or not comprehensive enough to understand IT risks.

Link: Internal Auditing Around the World: 10th anniversary edition

To celebrate the tenth anniversary of Internal Auditing Around the World, we asked internal audit executives from some of the world’s leading organizations to look back on the evolution of their function during the past decade, in addition to weighing in on what the future may hold for the internal audit profession.

At their core, these engaging accounts of internal audit’s evolution tend to cover a number of major transitions: from the shadows of Sarbanes-Oxley compliance to the frontiers of enterprise risk management (ERM), from tactical practitioners to strategic business partners, from internal controls and financial audits to risk management and governance, and from assurance-only to assurance and advisory.

Today’s leading internal audit functions are moving beyond relevance to the type of strategic leadership that brings about and sustains impactful improvements. The future auditor will conduct even greater levels of collaboration, wield more powerful technology, and assume an even sharper risk focus while taking on a greater leadership role, as well.

Link: Cybersecurity at the board level: Is your intellectual property and sensitive information leakproof?

Many companies have implemented mechanisms to prevent employees from sharing intellectual property outside of the organization, but these same organizations use insecure email and other tools to share information with it’s board of directors.  This article on The Protiviti View blog provides a perspective into how organizations can respond to these challenges.

Programming Note

A quick programming note.  Starting next week, I’m going to be changing how I post to this site.  I’ll still be posting my ‘Quote of the Week’ every Sunday, but I will now be creating two aggregated posts per week.  On Monday’s, I’ll be sharing thought leadership and webinar information from Protiviti that are relevant to Information Technology, Risk Management, and Internal Audit.  On Wednesday’s, I’ll post a collection of articles and my own thoughts around a central topic that I feel is relevant to today’s business environment.  
I’m also going to be changing how and what I post to Twitter.  You’ll still see posts linking back to this site for the updates I post here, but you’ll also start to see more tweets about things I’m doing and other content that I’m not likely to share in my weekly posts on this site.
Thanks again to all of you who stay connected with me through this site and other social media as well as to Mike Petrucci whose weekly “Dispatch” inspired this change.

Protiviti Board Perspectives: Strengthening Your Risk Culture

Risk management is only as strong as the culture that supports it. The latest edition of Protiviti’s Board Perspectives: Risk Oversight series explores how the board of directors can evaluate their organization’s risk culture.  Below is a summary of the whitepaper:

Risk culture is the glue that binds all elements of risk management infrastructure together because it reflects the shared values, goals, practices and reinforcement mechanisms that embed risk into an organization’s decision-making processes and risk management into its operations. In effect, it is a look into the soul of an organization to ascertain whether risk/reward tradeoffs really matter.

Issue 57 of Board Perspectives: Risk Oversight offers a definition of risk culture, discusses what to look for when assessing the current state of risk culture and recommends what to do when transitioning to the desired risk culture. Based on research Protiviti has done with outside organizations, it provides insights relevant to any industry or organization.

Read the whole piece at: http://bit.ly/1r2MAA5

Protiviti Webinar - Managing Security in a New Era of Retail


As recent events show, retailers are increasingly becoming the focus of cyberattacks and retailers are scrambling to address the risks that this poses to their organizations.  Join Protiviti this Friday for a complementary webinar discussing as we explore:

  • The current security issues facing retailers
  • The newest breach methods
  • How to tell if you have already been breached
  • Effective practices for keeping your system and data secure

Date: Friday, February 21
Time: 2PM EST, 1PM CT, 11AM PST
Duration: 1 hour


  • Rocco Grillo, CISSP
  • Scott Laliberte
  • Jeffrey Sanchez

It’s Not Too Late - Register today for Protiviti’s Business Continuity Management in 2014 Webinar

It’s not to late to register for next week’s Protiviti Webinar on Business Continuity Management in 2014.  Register today to get a view of current trends, regulatory changes, and new business considerations for your business continuity program.

Date:Thurs., February 20
Time: 2PM EST / 1PM CST / 11AM PST
Duration: 60 minutes


  • Jeffrey Weber - Managing Director, Protiviti
  • Michael Porier - Managing Director, Protiviti
  • Jonathan Bronson - Managing Director, Protiviti

Register for the Webinar today.

Back to Top


Previous Next
Back to Top

Ask me anything

Previous Next
Back to Top

Vanity by Pixel Union