This is the third of 3 posts; this post describes how I audited the auditors and my perspective on the whole thing.
Tag Archives: time
In this post, I want to expand on a problem I mentioned in an earlier post , 10 Signs Mgmt Doesn’t Really Support Analytics.
Audit management too often thinks that once a process or an audit is automated, ALL auditor/staff hours previously spent performing that process can be reassigned elsewhere.
That is not the case at all.
IT admins and IT auditors often don’t see eye-to-eye, and they don’t usually think their goals are similar.
The IT auditor just has to work a little harder to convince the IT admin of that. I’ve worn both hats, so I know it can be done.
CSO Simson Garfinkel notes that incorrect system time on your servers, clients, and devices (what I like to call “computer security clockwork”) can have the following effects:
- System logs are incorrect.
- Forensic investigations become more difficult.
- Scheduled jobs may occur too early, too late, or not at all.
- SSL certificate validity may be affected.
- Emails may be tagged as spam if they appear to have a future date.
- Electronic locks may open or lock inappropriately.