+1
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Monday, December 20, 2010 9:32 AM
To: NT System Admin Issues
Subject: RE: Experience with doing IT Audits

Also, auditors are not your enemy, which a lot of IT managers think they are. If utilized correctly, you can get a lot accomplished that is getting squashed by the politics, etc., in your companies. I welcome the auditors; it gives you a chance to see what is broken and look forward to fixing it. Especially when you've been saying it all along and it falls on deaf ears, because people want to play the ostrich defense (head in the sand).

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505

From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: Monday, December 20, 2010 9:28 AM
To: NT System Admin Issues
Subject: RE: Experience with doing IT Audits

BTDT too many times to count.

For what it is worth, my advice when dealing with auditors:

1) Only give the auditors what they ask for - do not volunteer any additional information. Most of the time, they just want to check the boxes and move on to the next person. You aren't doing yourself any favors by asking for more work.

2) Have written, approved policies and some way to prove that you follow them. Most of the time the guidelines do not get into specifics about the contents of the policies. They only say "you must have a retention policy and abide by it" - they generally don't say "you must keep emails for X days".

Jim

Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Monday, December 20, 2010 9:22 AM
To: NT System Admin Issues
Subject: RE: Experience with doing IT Audits

+10,000,000,000,002

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, December 17, 2010 4:36 PM
To: NT System Admin Issues
Subject: RE: Experience with doing IT Audits

Likewise for PCI and NIST-800.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Webster [mailto:carlwebs...@gmail.com]
Sent: Friday, December 17, 2010 4:39 PM
To: NT System Admin Issues
Subject: Re: Experience with doing IT Audits

I have done IT Audits for SOX Compliance. What would you like to know other than I hate, despise and detest doing them?

Webster

On Fri, Dec 17, 2010 at 3:24 PM, Juma, Lumumba <lcj...@icipe.org> wrote:

Hi All,

I need help from somebody who has been involved in doing IT audits for companies/organizations. We can communicate directly off the list.

Many thanks,
Juma.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin