On Mon, May 11, 2009 at 9:14 PM, Mark McCullough <[email protected]> wrote: > Nathan Hruby wrote: >> >> Screenshots are easier for auditors to embed in Word docs for >> reporting and generally is the same procedure that Windows admins use >> for documenting their controls. It sucks, but it's not without >> reason. > > Interestingly, in my experience, screenshots are not a primary means of > responding to an audit in Windows or Unix. That isn't to say that > screenshots aren't used, but I've only seen them quite rarely. Even web > page screen scrapes are generally done by other methods than a true > screen shot or image file. >
Depends on the technical level of the auditors, commitment to making audit easy of part of the IT group, and institutional culture -- Screenshots are still the lowest common denominator. Most of the places that I've been have asked for screenshots when a higher level tool wasn't available or wasn't understandable by the audit team. At one place the key phrase used by audit was "we don't read code so we can't trust yours." -n -- ------------------------------------------- nathan hruby <[email protected]> metaphysically wrinkle-free ------------------------------------------- _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
