IT AUDITS ARE NOT THE ULTIMATE ANSWER

in STEMGeeks, 2 years ago (edited)

So I had a question regarding audits making one secure. The question related to my article and post here, "Security Testing for Your SMB: What You Need to Know."

I will stick to my arena of experience in cyber with regard to ITSM and policy. Audits are good at pointing out flaws in your controls and compliance with regulations and standards.

However, in my experience, most audits are "gamed," meaning organizations know they are coming, burn the midnight oil, and jump through the hoops to prepare for them, all because they weren't following policy and process, or don't have them in place at all.

What's your experience with audits of IT organizations?

Joe "Rhino" Brochin is launching ITSM RHINO in the coming weeks. It is the pull-no-punches, casual-but-effective resource for renegade IT Pros who want to manage risk and add value through ITSM processes & IT Policy.
GET IN EARLY!

Note: All graphics within this post, including their images and elements, were sourced and generated from Canva.com, except when otherwise identified on the graphic.

Unrelated to IT, but I've got something analogous. While I was working in a private university, the management would go to any length to keep things in fine shape once they knew the national University commission would be visiting. They even went as far as hiring fake staff to fill different positions so as not to appear understaffed. Who's bearing the brunt of this in a university setting? Maybe the staff and the students. Wondering who will be bearing the repercussions of not keeping to regulatory policies in IT.

Wondering who will be bearing the repercussions of not keeping to regulatory policies in IT.

Usually, the customer bears the ultimate repercussions, whether it be a patient, an investor, or a student, etc. It just depends on the country, the regulation, or standard and what it is meant to protect or regulate.
