PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
November 2008

Collaboration with auditors will benefit information security programs

So it's coming up on the end of the calendar year (and for many, the fiscal year), which means it's time for one of the least favorite activities for security professionals. No, not budgeting, but audits. Yet rather than dread audits, we should actively look forward to them. Why? Because, to be frank, auditors as a rule get a lot more respect from the C-suite than we do. This means that auditors can be, and often are, our best chance to show what a good job we are doing and to get security projects funded. SOX 404, PCI and other regulations have only made this truer. Why do auditors have this advantage? They are viewed as independent observers who are supposed to report to executives in an unbiased manner using their controls as a metric. Most companies have two sets of auditors: internal auditors who help prep the company for the external audit, and external auditors who report their findings to the SEC. An open secret, however, is that most auditors as a rule want to help make your company and your security program better. ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

  • Product Review: Symark PowerADvantage 1.5

    Symark's Symark PowerADvantage allows Unix hosts to become member servers of an AD forest and leverage AD's centralized user management and authentication capabilities.

  • Product Review: Shavlik's NetChk Compliance

    Shavlik's NetChk Compliance automates compliance and provides control by actively managing system and security settings and allows the IT manager to identify and mitigate risks.

Columns in this issue