Educause Security Discussion mailing list archives
Re: auditing courses
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 28 May 2009 15:36:17 -0400
On Thu, 28 May 2009 12:35:12 CDT, Keith Schoenefeld said:
If possible in your organization, I'd recommend that you (as an Information Technology Security Engineer) stay as far away from auditing as possible. In my opinion, security engineers and officers should be not be auditors.
Amen to that. However, even if you're not actually performing the audit function, it can be useful to have taken a course or two on it, so that you know where the auditor is coming from, what they need, and why they need what they ask for. And if nothing else, having some audit background yourself will tend to get the auditor out of your office faster - because you'll know what they want and why they want it. Heck, you may even re-work some of your sysadmin practices and procedures with an eye to making audits easier. Anybody who's re-done their logging infrastructure because of a painful audit knows what I mean... ;)
Attachment:
_bin
Description:
Current thread:
- auditing courses Youngquist, Jason R. (May 28)
- <Possible follow-ups>
- Re: auditing courses Melissa Guenther (May 28)
- Re: auditing courses Lazarus, Carolann (May 28)
- Re: auditing courses Todd Kucker (May 28)
- Re: auditing courses Singleton, Naomi (May 28)
- Re: auditing courses Keith Schoenefeld (May 28)
- Re: auditing courses Theresa Semmens (May 28)
- Re: auditing courses Valdis Kletnieks (May 28)
- Re: auditing courses Mehmedovic, Jenny (May 28)
- Re: auditing courses Plesco, Todd (May 29)