Tag Archives: management

Audit Management Sometimes Sucks

see no evilWhen internal auditors (or those pretending to be such) do poor work and don’t follow the appropriate audit and IT standards, they are unprofessional. However, I put the blame at the feed of audit management.

Continue reading

2 Comments

Filed under Audit, Employment

Careers After IT Auditing

life-after-it-auditRecently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).

I couldn’t find much on the Internet on this topic, but there’s a lot of options.

I’ve actually worked in quite a few of the areas mentioned below…

Continue reading

8 Comments

Filed under Audit, Employment, How to..., Technology

Data Center Failure: Conclusion

conclusion: sad faces

In previous posts, I described how I gained access to the data center area and then the data center proper.

I had bypassed door #1 and door #2.

My new colleagues were not happy.

Continue reading

Leave a comment

Filed under Case Files, Security, Security Scout

Biggest Problem in Computer Security

What’s the biggest problem in computer security, according to valsmith at carnal0wnage.attackresearch.com? Well, it’s…

Staffing.

As the author admits, the post leans toward self-promotion of the company, but it makes many good points and deserves a read and a good pondering.

Continue reading

Leave a comment

Filed under Audit, Security

More on Hating Auditors

Previously I’ve discussed why auditors are hated and how auditors can be lovable. But when I saw a Q & A in the ISACA journal about hating auditors, I had to dive in again.  Here’s the gist of the article, with my comments in italics. Although there’s some similarity to the posts I’ve mentioned above, they take a slightly different tack through the audit seas.

Auditors that do the following are “hated”…

Continue reading

4 Comments

Filed under Audit

Conclusion: Audit Server Disappeared

In Case File: Audit Server Disappeared, I noted that a friend of mine learned that  IT had, on its own prerogative, wiped a server belonging to Internal Audit because “it never appeared to be used.”

Some of you already commented on some of the issues involved in this incident and the normal IT activities that should have prevented this incident (or at least alerted IT that something was wrong). Let’s review those comments and I’ll add some other details and comments.

Continue reading

3 Comments

Filed under Audit, Case Files