A corollary to assume breach is to assume control failure. In the words of many a CIO, if you don’t check it then it wasn’t done. Anyone who has managed operations or service vendors knows that some IT workers have a different definition of done than you. Given time and exposure to the real world, things drift from their modeled description. Policies don’t match what people are doing. Project status updates are inflated. Network diagrams aren’t current or complete. Log data isn’t captured or if it is, the data slumbers unanalyzed somewhere. People leave the organization but their accounts ...
© Raymond Pompon 2016
Raymond Pompon, IT Security Risk Control Management, 10.1007/978-1-4842-2140-2_22
22. Internal Audit
Raymond Pompon1
(1)Seattle, Washington, USA
Get IT Security Risk Control Management: An Audit Preparation Plan now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
