So I had a question regarding audits making one secure. The question related to my article and post here, "Security Testing for Your SMB: What You Need to Know".
I will stick to my arena of experience in cyber with regard to ITSM and policy. Audits are good at pointing out flaws in your controls and compliance with regulations and standards.
However, in my experience, most audits are "gamed", meaning organizations know they are coming, burn the midnight oil, and jump through the hoops to prepare for them, all because they weren't following policy and process, or don't have them in place at all.
What's your experience with audits of IT organizations?
GET IN EARLY!
Unrelated to IT, but I've got something analogous. While I was working in a private university, the management would go to any length to keep things in fine shape once they knew the national University commission would be visiting. They even went as far as hiring fake staff to fill different positions so as not to appear understaffed. Who's bearing the brunt in a university setting? Maybe the staff and the students. Wondering who will be bearing the repercussions of not keeping to regulatory policies in IT.
Usually, the customer bears the ultimate repercussions, whether it be a patient, an investor, or a student, etc. It just depends on the country, the regulation, or standard and what it is meant to protect or regulate.