A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Trash Talkin - IT Audit Guide to Dumpster Diving - John Liestman Louisville InfoSec 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

Trash Talkin - IT Audit Guide to Dumpster Diving
John Liestman
Louisville InfoSec 2014

One of the easiest and best value exercises in IT audit or security you can do is – the “Dumpster Dive”. Your company may be throwing out customer information or strategic secrets, mixed in with cheeseburger wrappers and old magazines in your regular, un-shredded trash. What if bad guys find it or, worse maybe, what if the media finds it? Improperly disposed documents cause significant data losses each year, yet we spend almost nothing testing these controls, especially compared with how much we spend preventing hackers. Learn the specific tips and tricks for performing value-added confirmation of your privacy controls through refuse research, while not getting attacked by varmints. Tips range from how to salt the trash, doing the ladder bump, timing the dive, building your team, keeping the process sanitary, and reporting the results to management with all the right caveats. A field exercise may be organized if sufficient interest is exhibited. John Liestman is the IT Audit Manager for Woodforest National Bank. Woodforest is a $3.7 billion bank based in The Woodlands, Texas, with 784 branches in 17 states. Woodforest is Walmart’s largest retail partner. After a 25 year career with Exxon in micropaleontology and computing, John joined the Bank 9 years ago as their first IT Auditor, where he enjoys expanding the boundaries of IT Audit, from implementing a password cracking audit process to creating the bank’s dumpster diving program to ensure proper destruction of sensitive information. He has presented frequently to groups such as the Houston ISACA chapter and bank auditing seminars on such topics as risk assessment, application auditing frameworks, and integrated auditing and firmly believes in using integrated risk-based audits, creating audit programs from scratch, and delivering value to auditees.. What little time is left after work and raising his 10-year old twins, John spends playing and teaching Irish traditional music on the uilleann pipes and various stringed instruments through such venues as the Houston School of Irish Music and the prestigious O’Flaherty Irish Music retreat.

Back to Louisville InfoSec 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast