Even Jove nods. I'll never object to someone looking over my shoulder if they actually know what they're doing. We all see what we expect to see, and sometimes a second pair of eyes will spot something obvious that's been staring us in the face all along.
That said, I agree that an incompetent auditor is worse than no auditor; a bad one may demand something that actually weakens security. But should you stumble on a good auditor, keep him if you can. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of Carmen Vitullo [[email protected]] Sent: Tuesday, February 23, 2021 10:38 AM To: [email protected] Subject: Re: Are these auditors competent? was Re: Anyway to save ISRDDN output? I actually would rather have the IBM folks come in and perform their Health check. We had a team of IBM folks come onsite a couple of years ago to perform a checkup, I didn't like the fact our leadership had NO FAITH in me and my team to have the systems built and configured correctly . we passed with flying colors and we did get some good insight on some configuration changes we should review, I don't see any Auditor today knowing enough about my environment to help at all. Carmen Vitullo -----Original Message----- From: Seymour <[email protected]> To: IBM-MAIN <[email protected]> Date: Tuesday, 23 February 2021 9:26 AM CST Subject: Re: Are these auditors competent? was Re: Anyway to save ISRDDN output? Your faux auditors may be a RPITA, but a *qualified* auditor is a joy forever, should you be so fortunate as to be audited by one. They will find things that actually do need fixing, and will make it easier to get management buy-in for what needs to be done. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of Carmen Vitullo [[email protected]] Sent: Tuesday, February 23, 2021 8:39 AM To: [email protected] Subject: Re: Are these auditors competent? was Re: Anyway to save ISRDDN output? In my case that is true, the Auditor works for another Health care company, their parent company are HITRUST Cert Auditors, so these folks are not true auditors, they are hired to guarantee HITRUST certification. they do not know what an emulator is or have the need or desire to logon and gather the requirements they request, so anything can be spoofed ! I remember the auditors from the 70's and 80's when I worked for Sears, they came to the data center with their object deck and ran their programs to check and audit our systems, the knew the mainframe because most of these guys were SYSPROGS at one time Carmen Vitullo -----Original Message----- From: Radoslaw <[email protected]> To: IBM-MAIN <[email protected]> Date: Monday, 22 February 2021 5:45 PM CST Subject: Re: Are these auditors competent? was Re: Anyway to save ISRDDN output? W dniu 21.02.2021 o 19:55, Paul Gilmartin pisze: > On Sun, 21 Feb 2021 18:23:03 +0100, Radoslaw Skorupka wrote: >>> ... >>> When the only tool you've mastered is printscreen, everything >>> looks like a bitmap. >> That was the requirement: to make Windows printscreen - a bitmap. >> Did I forgot to mention it's plain stupid? >> > You mentioned that the volume requested was plain stupid. > > A possible justification for a bitmap beyond the requestor's ignorance > is that your setup involves an elaborate macro for an emulator not > supporting capture as text. > > And the emulator authors' justification for not supporting text capture > is that resources are better spent supporting that macro language > given that the OS supports graphic capture. > > But we were using Hummingbird Exceed which has text capture. > Simply, most users didn't care to learn the technique. No! No, and no! You assumed the auditor know the details and understand what emulator is. That's plain wrong. I learnt many years ago such auditors are uneducated, but they mask their ignorancy with some mask. This is complex topic, I cannot describe it clearly in English. -- Radoslaw Skorupka (looking for new job) Lodz, Poland ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
