Overheard - Avoiding common audit pitfalls - Overheard in the tech blogosphere

IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Overheard in the tech blogosphere > Overheard - Avoiding common audit pitfalls

» VIEW ALL POSTS Feb 6 2009 12:55PM GMT

Overheard - Avoiding common audit pitfalls

Posted by: Margaret Rouse

Compliance, change managment, risk management, IT Governance

“Make no mistake — auditors will find fault with your systems, your processes, and the people who operate them. They’re auditors. It’s their job.”

Kelly Jackson Higgins, Experts share tips on how to avoid the most common pitfalls in an audit

If you missed Kelly’s article when it first came out, take moment and read through it. I bet you’ll learn something.

Key points I want to remember:

Two of their most common reasons for failing an audit are poor documentation and poor training programs.
It’s all about proving that data isn’t tampered with — from inside or out.

- Manage change in a consistent manner.
- Clearly define roles and permissions.
- Know who (and where) users are, what role they play and what permissions they have.
- Align physical security with IT security.
- Be ready to demonstrate how you monitor security.
- Be ready to demonstrate how you are able to detect and act on anomalies.
- Map security processes to business processes. A checklist isn’t enough.

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Visit Home | News | White Papers | Videos | Resources

Ask an IT Question

About the Blogger

Margaret Rouse

I’m a technical writer and published author. I speak fluent Geek, Biz-speak, SAPanese, VAR and most Vendor dialects. I spend of a lot of my time translating these highly specialized languages into plain English. READ MORE

>> READ MORE ABOUT THE BLOGGERS

Browse This Blog's Tags

Word of the Day

brought to you by Whatis.com

OpenBSD
OpenBSD is a free operating system based upon the Berkeley Software Distribution (BSD) of UNIX developed at the University of California-Berkeley.

mobile marketing
Mobile marketing is promotional activity designed for delivery to cell phones, smart phones and other handheld devices, usually as a component of a mu...READ MORE

micro-botnet
A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specifi...READ MORE

WAN clustering
WAN clustering, also called geoclustering, high-availability clustering or remote clustering, is the use of multiple redundant computing resources loc...READ MORE

Shared Assessments Program
In compliance, the Shared Assessments Program provides organizations with a way to obtain a detailed report about a service provider's controls (peopl...READ MORE

Are you a Know-IT-All?

brought to you by Whatis.com

VoIP security quiz
“The major threats a company faces in using VoIP is that, when improperly implemented, eavesdropping is pretty easy.” Randy Abrams, Th...READ MORE

Nieman Marcus Cookie Recipe
Ingredients 1/2 cup (1 stick) butter, softened 1 cup light brown sugar 3 tablespoons granulated sugar 1 large egg 2 teaspoons vanilla extract 1-3/...READ MORE

Are you a Know-IT-All? phishing kit
Our WhatIs.com Tech Term is phishing kit A phishing kit is a do-it-yourself collection of tools that makes it easy for someone who lacks technica...READ MORE

Are you a Know-IT-All? Ping
Our WhatIs.com Tech Term is ping Ping is an Internet program that allows a user to verify that a particular IP address exists and can accept requ...READ MORE

Know-IT-All Quiz - Facebook
Our WhatIs.com Tech Term is Facebook Facebook is currently the most popular free social networking website. It allows registered users to create ...READ MORE

Blog Roll

Help

Subscribe to Alerts

RSS feed of Overheard in the tech blogosphere

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map

Podcast Powered by podPress (v8.8)