Taking Advantage of Your IT Auditors

Dale Tuzewski

Abstract

You regularly have to deal with auditors in one way or another.  This may mean being directly responsible for providing evidence, or answering their questions.  Why should you care about them?  What can you do to provide the required evidence and/or answers to their questions more easily?  More importantly, how can you use what they require/request/demand to satisfy their requirements and also increase the network and system security of your environment at the same time?

Audit time can be stressful.  It can often cause you or your co-workers anxiety and stress.  Auditors ask probing questions and request information and they need your responses quickly.  Do your Auditors seem as though they are trying to catch you out?  Does your business play the "blame game" and use what the Auditors find to rake you and/or your team over the coals for each and every issue identified?  Can you use what they require/request to go back to the organization and make an argument for an increase in budget or to argue to make changes that increase the network and system security and stability?

By discussing with the auditors what they are reviewing and what their focus is with regard to your information systems, you can better understand how to more easily provide them with the data they require.  By understanding what standards they are auditing to (such as 27001, CobiT or Sarbanes-Oxley compliance), you can start to plan what you need to do and identify any changes that need to be made to help guarantee compliance.

Presenter Biography

Dale is an Information Security Specialist with CQR Consulting and has been in the information technology industry full time for 8 years.  His main area of responsibility is to assess, recommend and implement business and technical solutions to mitigate IT and security risks.  Dale has spent the last 2 years helping a large mining company with their Sarbanes-Oxley compliance and Information Security requirements.  Before moving to CQR, Dale was employed to provide Information Systems support for small and large organizations in the areas of government and mining where auditors seem to thrive.

Auditors do not scare him as much as they used to.
