Audit Management Sometimes Sucks

When internal auditors (or those pretending to be such) do poor work and don’t follow the appropriate audit and IT standards, they are unprofessional. However, I put the blame at the feed of audit management.

Continue reading →

Careers After IT Auditing

Recently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).

I couldn’t find much on the Internet on this topic, but there’s a lot of options.

I’ve actually worked in quite a few of the areas mentioned below…

Continue reading →

Data Center Failure: Conclusion

In previous posts, I described how I gained access to the data center area and then the data center proper.

I had bypassed door #1 and door #2.

My new colleagues were not happy.

Continue reading →

Biggest Problem in Computer Security

What’s the biggest problem in computer security, according to valsmith at carnal0wnage.attackresearch.com? Well, it’s…

Staffing.

As the author admits, the post leans toward self-promotion of the company, but it makes many good points and deserves a read and a good pondering.

Continue reading →

Creating a Culture of Security

I read a blog post that quoted a security professional saying,  ‘culture is defined as the beliefs we accept without question.’ The blogger, also a security professional, went on to say that his goal is to generate a new security culture, a security culture that “everyone accepts and makes a natural part of their activities.”

That definitely got me going, so I left a comment that explained why I disagreed with that statement.

Continue reading →

More on Hating Auditors

Previously I’ve discussed why auditors are hated and how auditors can be lovable. But when I saw a Q & A in the ISACA journal about hating auditors, I had to dive in again.  Here’s the gist of the article, with my comments in italics. Although there’s some similarity to the posts I’ve mentioned above, they take a slightly different tack through the audit seas.

Auditors that do the following are “hated”…

Continue reading →

Conclusion: Audit Server Disappeared

In Case File: Audit Server Disappeared, I noted that a friend of mine learned that  IT had, on its own prerogative, wiped a server belonging to Internal Audit because “it never appeared to be used.”

Some of you already commented on some of the issues involved in this incident and the normal IT activities that should have prevented this incident (or at least alerted IT that something was wrong). Let’s review those comments and I’ll add some other details and comments.

Continue reading →