nanog mailing list archives
Re: Network security: The auditors point of view
From: Richard Forno <rforno () infowarrior org>
Date: Mon, 10 Dec 2001 09:38:28 -0500
The problem is a clear-cut conflict of interest when you have a professional services firm doing both financial auditing and network security reviews for the same company. It's a known fact that auditing firms make more money off of financial audits than network services, and I believe there are a few public cases where security reviews have been skewed/glossed over/spun in a manner not to piss the customer off, particularly when they are paying BIG BUCKS for the financial audit part of the contract.

With respects, I for one would not want the same Big Whatever Firm doing my network security reviews if they were also doing my finances. It comes down to the question of do you want the truth, or the illusion of the truth?

rf

From: Sean Donelan <sean () donelan com>
Date: Sun, 9 Dec 2001 23:38:04 -0500 (EST)
To: Patrick Greenwell <patrick () cybernothing org>
Cc: David Lesher <wb8foz () nrk com>, nanog list <nanog () merit edu>
Subject: Network security: The auditors point of view

On Sun, 9 Dec 2001, Patrick Greenwell wrote:

> I have no personal knowledge of the DOI's infrastructure, and unless you do, I think we're all left to speculate as to whether or not the "home page server" of the DOI had access to the Indian trust data. My speculation would be that it does if it's Internet connected...

The great thing about our government is public oversight. It may be embarrassing to the managers involved, but Interior's computer security is detailed in several places.

Information Security: Weak Controls Place Interior's Financial and Other Data at Risk. July 3 2001.
http://www.gao.gov/new.items/d01615.pdf

DoI responds: "While this audit, as well as previous audits, have identified areas where NBC-Denver can improve its management controls, none of these audits has ever shown that the integrity of the financial data has ever been compromised. Our on-going operations have provided our customers accurate financial information and timely delivery of services."