My favorite audit was 9 months long, politically motivated and of my then
small part of the environment at the time.

Most of the stuff that was finally approved as 'recommended' was stuff I
wanted anyway and had put in the report.  The one major 'smoking gun' the
'security group' at the time thought they had found on me was an AV log on a
server.  They thought it showed that AV wasn't running, fortunately, it was
the wrong log and showed no such thing.  I let it slide until right up near
the end when I pointed it out in the draft review meeting with management
along with the documentation showing why it was the wrong log and had a copy
of the right one indicating proper operation.  15 pages of the audit report
disappeared and most of my recommendations survived to be implemented.

My favorite quote from a team member, "The user manager tool must be removed
from windows nt workstations as it copies the SAM accounts database locally
which someone can then crack."

Nine months later, the 'security team' was thanked for their service and let
go.  We're on our fifth generation of 'security team' since I have been
here.  While the current one has its quirks, at least it's communicating
more effectively and trying to focus on actual security stuff.

Steven
On Fri, Jul 1, 2011 at 12:01 PM, <[email protected]> wrote:

>
> anyone who has experienced an audit will find "do do" appropriate!
> --
> richard
>
> Joseph Heaton <[email protected]> wrote on 07/01/2011 01:16:05 PM:
>
>
> > he said do do...
> >
> > >>> Steven Peck <[email protected]> 7/1/2011 10:30 AM >>>
> > Not sure I buy that.  That's more a corporate culture type thing and
> > the
> > lawyers giving advice that management wants to hear.  Some to avoid
> > taking
> > action, some to justify it.
> >
> > While we don't routinely monitor people, we do do occasional audits
> > and
> > reviews which result in some sort of action.  Sometimes that action is
> > managers warning, other times it's paycheck and door time.
> >
> > On Fri, Jul 1, 2011 at 10:18 AM, <[email protected]> wrote:
> >
> > >
> > > I wish those two suggestions were adequate for us.  Unfortunately,
> > there is
> > > a population of suers.  We all know that suers stink!
> > >
> > > In other words, we're handcuffed by the necessity for HR to request
> > a
> > > monitoring first (and have it documented).  Then and only then can
> > that upon
> > > which we stumble upon be dealt with.
> > >
> > > I have a few litigation holds assigned to me, and some of these are
> > for
> > > folks I've never even heard of.  Even with those documented HR
> > requests,
> > > each incident is likely to result in an immediate lit hold.
> > >
> > > Talk about laws to protect the guilty!!!
> > > --
> > > richard
> > >
> > > David Lum <[email protected]> wrote on 07/01/2011 12:10:03 PM:
> > >
> > >
> > > > We already have one, they get it before logging in:
> > > > "This computer system is the property of Northwest Evaluation
> > > > Association (“NWEA”). Access to this system is limited only to
> > > > organization authorized activity as described in the NWEA Handbook
> > > > and additional policies. Any attempted or actual unauthorized
> > > > access, use, or modification to this system is prohibited and is
> > > > subject to administrative disciplinary action and civil and
> > criminal
> > > > > penalties. The use of this system may be monitored and recorded.
> > If
> > > > such monitoring reveals possible evidence of criminal activity,
> > the
> > > > organization can provide the records to law enforcement. Each time
> > > > you use this system (from personal or NWEA owned equipment), you
> > > > > consent to such interception, auditing, and related activity."
> > > >
> > > >
> > > > Dave
> > > >
> > > > -----Original Message-----
> > > > From: Kurt Buff [mailto:[email protected]]
> > > > Sent: Friday, July 01, 2011 9:46 AM
> > > > To: NT System Admin Issues
> > > > Subject: Re: It isn't worth it
> > > >
> > > > > "Periodic hardware and software inventory of all computers by IT is
> > > > necessary for both legal and performance reasons, such as to
> > maintain
> > > > licensing compliance, network security and workstation
> > performance.
> > > > Any software or other files not in compliance with organization
> > policy
> > > > that are found on workstations during inventory will be summarily
> > > > removed, and appropriate contacts, to include supervisor and HR
> > > > > personnel, will be notified."
> > > >
> > > >
> > > > There's your policy - submit it to HR.
> > > >
> > > > On Fri, Jul 1, 2011 at 08:49,  <[email protected]> wrote:
> > > > >
> > > > > The problem is, IT must justify the actions that found the
> > files,
> > > > > applications, etc in the first place.  It's pretty much, unless
> > HR
> > > directs
> > > > > one to go searching a drive, one must not go search a drive.
> > @#&%!!!!
> > > > > --
> > > > > richard
> > > > >
> > > > > John Cook <[email protected]> wrote on 07/01/2011 10:38:46 AM:
> > > > >
> > > > >> Our policy is no software allowed that isn't approved and
> > installed
> > > > >> by IT - actions may be as harsh as termination.
> > > > >> John W. Cook
> > > > >> Systems Administrator
> > > > >> Partnership for Strong Families
> > > > >>
> > > > >> ----- Original Message -----
> > > > >> From: Terry Dickson <[email protected]>
> > > > >> To: NT System Admin Issues
> > <[email protected]>
> > > > >> Sent: Fri Jul 01 11:15:16 2011
> > > > >> Subject: RE: It isn't worth it
> > > > >>
> > > > >> Our policy is that "I" have the right to remove any software I
> > find
> > > > >> on a PC that is questionable.  I can do this without informing
> > > > >> anyone in advance.  However I do have to report it and then
> > > > >> Management will review it and see if the software is appropriate
> > for
> > > > > >> that person's Duties.  If so it can then be reinstalled.  I have
> > > > >> removed several software packages in the past some that were
> > > > >> purchased and installed while I was out of the office and had to
> > be
> > > > >> reinstalled.  Most stay gone, and I can tell you in our office
> > if it
> > > > >> was for games it would be GONE and stay GONE!
> > > > >>
> > > > >> -----Original Message-----
> > > > >> From: David Lum [mailto:[email protected]]
> > > > >> Sent: Friday, July 01, 2011 10:06 AM
> > > > >> To: NT System Admin Issues
> > > > >> Subject: RE: It isn't worth it
> > > > >>
> > > > >> How do you guys feel about finding a user who has password
> > cracking
> > > > >> / key code generator tools (for games, not work software), on
> > their
> > > PC?
> > > > >>
> > > > >>
> > > > >>
> > > > >> Dave
> > > > >>
> > > > >>
> > > > >>
> > > > >> From: Maglinger, Paul [mailto:[email protected]]
> > > > >> Sent: Thursday, June 30, 2011 10:06 AM
> > > > >> To: NT System Admin Issues
> > > > >> Subject: RE: It isn't worth it
> > > > >>
> > > > >>
> > > > >>
> > > > >> Along with that are people that get fired for stealing.  I'm
> > not
> > > > >> talking about people who embezzle thousands.  I'm talking
> > things
> > > > >> like office supplies and equipment.  Most of the time the items
> > > > >> taken are a fraction of their pay.  I mean really, you can't go
> > to
> > > > >> Office Depot and pick up a $5 ream of paper or pair of
> > scissors?
> > > > >> That makes less sense to me than a drug addiction.
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >> From: [email protected] [mailto:[email protected]]
> > > > >> Sent: Thursday, June 30, 2011 11:48 AM
> > > > >> To: NT System Admin Issues
> > > > >> Subject: OT: It isn't worth it
> > > > >>
> > > > >>
> > > > >>
> > > > > >> A bit of a sad note.  I got a phone call from the director
> > early
> > > > >> last night. He couldn't get a hold of the supervisor so he
> > called
> > > > >> me. He told me to log in and cancel all network access and
> > disable
> > > > >> AD account for an employee in our department. Said employee had
> > > > >> failed his drug test.
> > > > >> He had been on probation the last few months and it seemed he
> > was
> > > > >> getting his head straight. Then this week he came in late for a
> > > > >> staff meeting and even I noticed something wrong.  He didn't
> > look
> > > > > >> good, wiping his forehead a few times, hair mussed up.  Anyway,
> > he
> > > > >> took a drug test later that day and failed.
> > > > >> Young guy, married for about two years and hooked on pain
> > pills.
> > > > >> Now he's out of a job and, I hope, not a wife, too.
> > > > >> It isn't worth it.
> > > > >>
> > > > >> ~ Finally, powerful endpoint security that ISN'T a resource hog!
> > ~ ~ <
> > > > >> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> > > > >>
> > > > >> ---
> > > > >> To manage subscriptions click here:
> > http://lyris.sunbelt-software.
> > > > >> com/read/my_forums/
> > > > >> or send an email to [email protected]
> > > > >> with the body: unsubscribe ntsysadmin
> > > > >>
> > > > >
> > > >
> > >
> >
>
