How to Cheat at Managing Information Security

Chapter 5: Information Security Standards and Audits

Overview

The purpose of this chapter is to:

  • Provide a brief overview of information security standards

  • Provide a brief overview of various types of security audits

Anecdote

I don t dislike auditors, but as a profession it does seem to attract herds of the wrong kind of people all cufflinks and unsupported arrogance. I should know; I worked with them for long enough.

At the time I was well on the way to becoming a partner in one of these audit firms, mainly because I kept being engaged in very large security assignments. In Hong Kong, I was doing a job for a world-class bank. Everything was decidedly barely adequate in terms of firewalls, but I had yet to look at the routers and switches. In fact, the truth was, the firewalls were so bad that I was looking for good news on the routers to soften the blow. As a courtesy, I, the fledgling partner, was taken to meet the IT auditors (who had recently completed a review of the e-commerce firewalls and routers); the rest of the team had to stay and work. All the way up the stairs to the meeting, the senior partner told me how wonderful this team was, so when I arrived I was not surprised to see them perfectly dressed and well spoken.

Halfway through our meeting, I mentioned I had yet to do the routers and I immediately was reassured by the senior auditor, I checked the routers personally, no problems there. He even...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Network Firewalls
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.