I have had management sign off on the risk after I estimated the effort it
would take to remediate an issue. Being a security geek myself, sometimes I
disagree with the risk; other times I think they're being reasonable. But I'm
not the one entrusted with that decision, after all.
But yeah,
We have such requirements related to the necessary need to restore data for
clients who have legal controls, old active archives for decades…, and keep
tapes in vaults in case of.
Next week we receive a client who needs to restore tapes created 10 years ago,
never read since on I platform, we
Wouldn't you agree that ultimately, the CIO or CTO or highest Information
Technology is responsible for any and all mishaps, including mistakes made by
auditors? Hiring the correct auditor and giving them the correct scope of work
which is the hiring companies responsibility.
I also saw this
Bob,
OK, most auditors don't shoot the survivors directly, but in many instances,
the company's management simply takes the auditors at their words and shoot the
survivors on behalf of the same auditors. In my career, I've been in both
positions; that of having blind management and having