
Bob Tarzey

Job title:
Analyst and Director, Quocirca Ltd

Biography:
Bob joined Quocirca in 2002. His main area of coverage is route to market for ITC vendors, but he also has a specific focus on IT security, network computing, systems management and managed services. Bob writes regular analytical columns and blogs for Computing, Computer Weekly, silicon.com, Computer Reseller News (CRN), Infosecurity Magazine and IT Director. He has written for The Times, Financial Times and The Daily Telegraph and provides general comment for the European IT and business press. Bob has extensive knowledge of the IT industry. Prior to joining Quocirca, he spent 16 years working for US technology vendors including DEC (now HP), Sybase (now SAP), Gupta, Merant (now Serena), eGain and webMethods (now Software AG). Bob has a BSc in Geology from Manchester University and a PhD in Geochemistry from Leicester University.

Avoiding (awful) bad practice at audit time

Quocirca saw an estimate recently that IT security managers can spend as much as 30% of their time preparing for and delivering audits. This is mundane and uninteresting work, and if it can be automated, all the better. However, recent Quocirca research, sponsored by sys-admin tools vendor Osirium, shows that less than 20% of organisations fully automate the gathering of data for audits and less than 10% automate the remediation of audit gaps.

What’s more, over 70% admitted that in some cases system administrators (sys-admins) made informal, uncontrolled changes to sys-admin procedures immediately prior to audits in order to meet the audit requirements, changes which then lapsed once the audit was over, with 8% saying this was a regular practice. Obviously, this is extremely bad practice; if auditors discovered that the procedures had been temporarily changed to satisfy them, the audit would surely be failed anyway.

Osirium has published the research and some suggestions for achieving better practices as the first of its Alpha Files, a series of short reports on sys-admin, privileged user management and auditing practices. Quocirca will be publishing a new free report later in 2011 that will analyse all the new research in detail.

Posted 18/10/2011 by Bob Tarzey

Tagged under: audit, compliance