Comment Re:The Necessity of Auditors (Score 1) 120
I call BS. I am the administrator of two SOX controls for our Workstation environment. One is a "Workstation Hardening" control (what a joke), and the other is some cluster about having to hit Ctrl-Alt-Delete to see if a user that doesn't exist on the machine or domain can log onto the computer(yes, I'm serious).
I've tried to help the auditors understand that my two controls make absolutely no sense, which basically fell on deaf ears. From an IT persons perspective, auditors are there to try to tell us how we should do our job, and the procedures we should take to do our jobs. Most of the auditors I've met can be completely snowed when it comes to technology, so why do we allow them to audit our environement?
The comment from this poster about "IT workers often can't be trusted"... Well... I'm really disappointed that someone that claims to be an IT person would actually say that. We are hired, and should be trusted, since a majority of us have our own checks and balances to make sure that our environment is secure, and it is in our best interest to make sure that it is. The problem usually is from processes and procedures developed by people that have absolutely no business being in IT.
BTW: I'm sure that this wrought with grammatical/spelling errors. Well... Get over it.
I've tried to help the auditors understand that my two controls make absolutely no sense, which basically fell on deaf ears. From an IT persons perspective, auditors are there to try to tell us how we should do our job, and the procedures we should take to do our jobs. Most of the auditors I've met can be completely snowed when it comes to technology, so why do we allow them to audit our environement?
The comment from this poster about "IT workers often can't be trusted"... Well... I'm really disappointed that someone that claims to be an IT person would actually say that. We are hired, and should be trusted, since a majority of us have our own checks and balances to make sure that our environment is secure, and it is in our best interest to make sure that it is. The problem usually is from processes and procedures developed by people that have absolutely no business being in IT.
BTW: I'm sure that this wrought with grammatical/spelling errors. Well... Get over it.
