On Thu, Dec 4, 2014 at 10:49 AM, David Parter <[email protected]> wrote:
> Great advice on working with the auditor and making security a team effort
> for everyone.
>
> However:
>
> Your auditor should be someone you can depend on to help you improve state..
> not just point out problems.
>
> Unfortunately, from what I hear (we don't have these kinds of audits) too
> many auditors don't even point out problems. Instead they give a list of
> items that did not pass an arbitrary check-list that is not relevant to the
> site, nor does it improve security.

I've done several rounds with auditors who had no idea how "cloud" (nay, even virtualization) or any services actually worked, and who had to be educated as the process went along.

Is this common, or have I just been really unlucky across a number of years?

[My bias would be to prefer someone with a relatively current picture of available technology and what is "normal-to-good" to someone who last touched a server in the NT4 days....]

--e

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
