March 8, 2005 at 10:40 pm
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/bkelley/securingsqlbackups.asp
K. Brian Kelley
@kbriankelley
March 21, 2005 at 2:03 am
Excellent article, Brian, and one which applies equally to sysadmins and security managers. Highlights too the failings of auditors, who all too often seem to only be after ticks in boxes to obtain paper compliance, rather than really testing that the procedures that are in place actually work. Should be required reading for anyone who runs a business that relies on IT.
Jon
March 21, 2005 at 9:10 am
Exactly. Auditors seek evidence that you have valid procedures. Depending on the audit, they may not seek evidence you're actually following them. Also, even though you have it documented, that doesn't mean you're doing it. That's a key point. Sometimes a pair of eyeballs and a pen test is what is needed to verify everyone is keeping the organization safe. Independent auditors are an essential part of any organization's security posture. They aren't the only part, however.
K. Brian Kelley
@kbriankelley