Tuesday, September 4, 2007

On IT Auditors...

Auditors are my biggest security problem.


You are all under the mistaken assumption that the purpose of an auditor is to improve your security and/or catch errors in accounting. Their purpose is to do neither. In fact, their purpose is to find nothing wrong, or at least nothing of substance that happened on current management's watch. They have to find the usual minor things, and it's OK, even salutary for them, if they find something huge that happened under prior management and dismissed auditors.

Interesting reading on the Dshield mailing list.

No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.