Rothke and Mundhenk: "We are all in favor of throwing incompetent auditors to the dogs. Conversely, any organization that refuses to remediate security gap findings should be given an injunction"
Well, sue the authors, then. They are the incompetent, when they don't know the limitations of their (?) audit work.
Auditors are NOT hired to ensure findings are fixed.
Auditors are ONLY hired to deliver the findings.
Management is accountable to resolve any issues.
On the contrary, if auditors would chase findigs resolution, they would be culpable of attempt to take control of (part of) the auditee, a.k.a. robbery.
I only wish this would come to fruition, where the insecure companies would have their internet connections suspended. If that would happen, data breaches would drop significantly.
Sue the Auditor and Shut Down the Firm
Rothke and Mundhenk: "We are all in favor of throwing incompetent auditors to the dogs. Conversely, any organization that refuses to remediate security gap findings should be given an injunction"
» View Article
Well, sue the authors, then.
They are the incompetent, when they don't know the limitations of their (?) audit work.
Auditors are NOT hired to ensure findings are fixed.
Auditors are ONLY hired to deliver the findings.
Management is accountable to resolve any issues.
On the contrary, if auditors would chase findigs resolution, they would be culpable of attempt to take control of (part of) the auditee, a.k.a. robbery.
Very well put!!!
I only wish this would come to fruition, where the insecure companies would have their internet connections suspended. If that would happen, data breaches would drop significantly.
charlie
Dirty Tricks: Social Engineers' Favorite Pickup Lines
Tabletop Exercises: 3 Sample Scenarios
19 Ways to Build Physical Security Into Your Data Center
Get instant notifications when whitepapers, webcasts and case studies are added to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
» More blogs
CSO Perspectives
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
Trend Micro ranked #1 against real-world malware. Read more.
64-page prescriptive guide to security, compliance, and IT operations.
Removing Barriers To Better Server Virtualization Efficiency
Mining for Gold: Cybercrime Prevention and the Role of Log Management
The Executive Guide to Data Loss Prevention
Organizations can spend up to 50% more on compliance efforts than necessary.
White Paper: A Security Blueprint Delivered From within the Network
Read the RSA report: Security for Business Innovation
Upgrading to VMware vSphere with vWire
Explore the increasing importance of log management as cybercrime threats grow.
The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
Implementing Best Practices for Web 2.0 Security
Five Ways to Reduce Your IT Audit Burden
THE IDG NETWORK