Particularly for common problems ignored by a lot of companies, such as having separate admin and regular accounts for your IT staff, and taking administrative rights away from the user base.

On 20 December 2010 14:32, Ziots, Edward <[email protected]> wrote:

> Also,
>
> Auditors are not your enemy, which a lot of IT managers think they are, if
> utilized correctly you can get a lot accomplished that is getting squashed
> by the politics etc etc in your companies.
>
> I welcome the auditors, it gives you a chance to see what is broken and
> look forward to fixing it. Especially when you've been saying it all along
> and it falls on deaf ears, because people want to play the ostrich defense
> (head in the sand)
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Network Engineer
> Lifespan Organization
> Email: [email protected]
> Cell: 401-639-3505
>
> *From:* Jim Holmgren [mailto:[email protected]]
> *Sent:* Monday, December 20, 2010 9:28 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Experience with doing IT Audits
>
> BTDT too many times to count. For what it is worth, my advice when dealing
> with Auditors:
>
> 1) Only give the auditors what they ask for – do not volunteer any
>    additional information. Most of the time, they just want to check the
>    boxes and move on to the next person. You aren’t doing yourself any
>    favors by asking for more work.
>
> 2) Have written, approved policies and some way to prove that you
>    follow them. Most of the time the guidelines do not get into specifics
>    about the contents of the policies. They only say “you must have a
>    retention policy and abide by it” – they generally don’t say “you must
>    keep emails for X days”.
>
> Jim
>
> Jim Holmgren
> Manager of Server Engineering
> XLHealth Corporation
> The Warehouse at Camden Yards
> 351 West Camden Street, Suite 100
> Baltimore, MD 21201
> 410.625.2200 (main)
> 443.524.8573 (direct)
> 443-506.2400 (cell)
> www.xlhealth.com
>
> *From:* Maglinger, Paul [mailto:[email protected]]
> *Sent:* Monday, December 20, 2010 9:22 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Experience with doing IT Audits
>
> +10,000,000,000,002
>
> *From:* Michael B. Smith [mailto:[email protected]]
> *Sent:* Friday, December 17, 2010 4:36 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Experience with doing IT Audits
>
> Likewise for PCI and NIST-800.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> *From:* Carl Webster [mailto:[email protected]]
> *Sent:* Friday, December 17, 2010 4:39 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Experience with doing IT Audits
>
> I have done IT Audits for SOX Compliance. What would you like to know
> other than I hate, despise and detest doing them?
>
> Webster
>
> On Fri, Dec 17, 2010 at 3:24 PM, Juma, Lumumba <[email protected]> wrote:
>
> Hi All,
>
> I need help from somebody who has been involved in doing IT audits for
> companies/organizations. We can communicate directly off the list.
>
> Many thanks,
>
> Juma.

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."

*IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
