
Audit of Security Operations Activities- An Auditee Perception!

Updated: 19 Feb 2012 | 5 comments
AR Sharma | 7 votes

The first reaction of any security operations manager, when it comes to an audit, is 'oh, it's so painful'. And it actually is. An auditor with no knowledge of the product or appliance will come to you with the approval of your senior and start asking questions (however, he will be polite).

You will feel that he is learning from you the very basics of whatever you are doing. After his learning is over, he will come up with an RFI (request for evidence). Now it's time to prove that you do everything you have told him, without fail. And for the things that you don't do, you confirm to him that you don't do them. Here you are the 'auditee'. Your auditor will scrutinize the sample that you have given him and come up with the 'gaps' and 'failures'. For the failures, you have to justify yourself, not only to him but also to your boss and seniors. And this turns out to be painful! You have to reply to all the WHYs! In the end, you will come to know that there is hardly any mistake from your side or your team. All failures are because of product limitations, environmental issues or business requirements.

Needless to say, many hours of crucial production time go into an audit, which involves discussion, providing evidence, maintaining evidence and finally providing justification and closing. There is no appreciation for this work. The only thing that you can expect at the end is a reprimand from your management. Being an auditee is an absolutely thankless job!

An audit can be very helpful and is an integral part of a mature organization. But we still need to learn to appraise an auditee. We need to define KPIs (key performance indicators) for auditees too. It shouldn't always be an additional task for him. We need to remember that being an auditee takes substantial time and effort.

 

Comments

Srikanth_Subra | 19 Feb 2012 | 0 votes

Audit?? Very crucial one..

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Syed Hussain - Compliance Devil | 23 Feb 2012 | 1 vote

Hi Sharma,

I can understand from your point of view sometimes it is very hard to justify but unless these evidence are not in black and white the enterprise won't be in a position to know whether everyone is compliant to as it is defined.

The good part what I could see is that you have brought a reality from business unit point of view that is the truth.

Thanks,

-Syed Hussain

 

Milan_T | 15 Mar 2012 | 1 vote

But, audit is imp in any org...

AR Sharma | 16 Mar 2012 | 0 votes

I agree with Syed and Thumarmilan... audit is really important for any organization... and it prevents any wrongdoing.

Thanks & Regards,

AR Sharma,

IBM Certified System Admin- Lotus Domino V7

ITIL V2 Certified

kishorilal | 20 Mar 2012 | 0 votes

Nice AV

Hi AV,

Very nice article, thanks for sharing. I think this might be based on your exp.

Keep posting such articles. From an audit point of view, what can be done on endpoint security?