In my last 2 posts, here and here, I described how 2 security teams not only failed to review access to a major security app for 2 years but then made administrative-level security access changes on the fly with no ticket required.
Then I described how the IT Audit Manager in our company was NOT concerned about what happened. Here’s what happened next.
ITauditSecurity 