At least they are beginning to ask better questions. Now we have to get them a Volume 2, 'The Right Questions To Ask When Auditing a VM System'
Alan, would IBM be interested in promoting a better list of auditing questions/checklists? /Tom Kern Rich Greenberg wrote: > On: Thu, Sep 24, 2009 at 05:07:11PM -0400,Les Koehler Wrote: > >> An idle user isn't necessarily a security exposure. The security audit >> question to be asked is: Does the company have a policy for securing >> terminals when the user isn't there and how do they enforce it? > > I agree. Those questions look like they were taken from an "Auditing a > VM system for dummies" book. >
