Re:Not as far fetched as it would seem
on
AI in Sci-Fi
·
· Score: 1
Maybe I can get that elevator to shut up about whatever it is so happy about.
Don't worry. The elevator is bi-polar... It'll be depressed in a few minutes.
Too often you'll get auditors that have a 'workplan' that is basically a checklist of questions they ask the sysadmins and other IT guys. That's a joke... what you want is a company that will send in real security practitioners that will really evaluate your security infrastructure.
KPMG used to be the first type of 'auditor'. They've changed their approach though and we recently had a KPMG team out for 2 weeks doing our annual security audit. (Only independant is annual, we constantly audit ourselves) They did a wonderful job and their deliverables come in two levels....one set for the managers and another set of deliverables for the IT / Security staff.
Another company that is very good and gets a lot of government contracts is SAIC. I would readily recommend either one.
One thing to look out for in other companies: Often the proposal they send you will list several bios of their technical staff. These usually sound great, but often these are not the people that actually perform your audit. Sometimes companies will even switch on you at the last minute. Make sure you insist that you see the bios and references of the people that will actually perform your audit.
Slashdot Mirror
Maybe I can get that elevator to shut up about whatever it is so happy about. Don't worry. The elevator is bi-polar... It'll be depressed in a few minutes.
Too often you'll get auditors that have a 'workplan' that is basically a checklist of questions they ask the sysadmins and other IT guys. That's a joke... what you want is a company that will send in real security practitioners that will really evaluate your security infrastructure.
KPMG used to be the first type of 'auditor'. They've changed their approach though and we recently had a KPMG team out for 2 weeks doing our annual security audit. (Only independant is annual, we constantly audit ourselves) They did a wonderful job and their deliverables come in two levels....one set for the managers and another set of deliverables for the IT / Security staff.
Another company that is very good and gets a lot of government contracts is SAIC. I would readily recommend either one.
One thing to look out for in other companies: Often the proposal they send you will list several bios of their technical staff. These usually sound great, but often these are not the people that actually perform your audit. Sometimes companies will even switch on you at the last minute. Make sure you insist that you see the bios and references of the people that will actually perform your audit.