[Gllug] Audit Season...

tid td at bloogaloo.co.uk
Sun Jun 28 20:24:10 UTC 2009


2009/6/27 Karanbir Singh <mail-lists at karan.org>:

> eg. I tend to middle finger most 'security auditors' who want to run
> intrusion detection stuff on the inside, using acl's put in place
> specifically for the audit.

You're lucky to be able to do that. Some of the sillier things I've seen
in Silly Season (AKA annual audit season) include

 "Please let us have your security audit and penetration audit
  results." - this from a US bank we were selling software to. I
  initially refused, and then on orders from higher up, ran a port
  scan on a test mail server on our test network. No further response.

 "Please list your internet-facing servers, showing OS and version and
  full patch history." Again I refused as it wasn't mandated by SOX. I
  replied that all internet-facing servers were patched to the latest level
  and were available for inspection upon arrival at our data center.

I guess the response will always be a political one, factoring in your
position in the company, who the auditor is, and what the information
is likely to be used for.

Tid
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug