News

10:58 AM
Connect Directly
RSS
E-Mail
50%
50%

3 Surefire Ways To Tick Off Compliance Auditors

Avoid these common mistakes to improve your chances for a smooth compliance audit.

Funny thing about auditors: They're not machines. They're people--people who are capable of pet peeves and whose emotions can color the way they approach their work. So wouldn't it make sense for an organization to do everything in its power to keep auditors happy since they hold your organization's compliance success in their hands?

We're not talking bribes or home-baked cookies. We mean engaging in common professional courtesy and a state of readiness that will smooth the way for an easier encounter. The following are three ways that organizations fail to do this on a regular basis.

1. Putting On Airs
Nothing steams an auditor like an IT staffer who tries to use jargon as a weapon, said Glenn Phillips, president of Forte, an audit firm that does IT security and HIPAA assessments.

"Many IT staff have learned that if they use big words or complicated technical language, management may leave them alone. It is also a means to show off how smart they are, and they may even learn to B.S. their way through things this way. After all, who will call them out?" Phillips said. "A good audit team won't fall for it and will know the language. But then management may be confused as to who to believe."

Not only does the baloney terminology and technical vagueness show the auditor there could be something the team is hiding, but it is also just plain insulting. Assuming the auditors don't have the technical mojo to keep up is a surefire way to hack them off.

"My biggest pet peeve as an IT auditor is when network administrators, developers, or any other positions that are more technical in nature attempt to undermine my technical knowledge. Because the developer assumes that I am technically inept, they think that they can give me a low-level answer [to] confuse me to believing that they know what they are talking about," said Andrew Weidenhamer, audit and compliance practice lead at SecureState. "Unfortunately for the developer, I used to be a penetration tester and used these types of vulnerabilities to break into organizations, which, in the end, simply makes the developer look silly."

Read the rest of this article on Dark Reading.

Role-based access control based on least user privilege is one of the most effective ways to prevent the compromise of corporate data. Our new report explains why proper provisioning is a growing challenge, due to the proliferation of "big data," NoSQL databases, and cloud-based data storage. Download the report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Research: 2014 State of the Data Center
Research: 2014 State of the Data Center
Our latest survey shows growing demand, fixed budgets, and good reason why resellers and vendors must fight to remain relevant. One thing's for sure: The data center is poised for a wild ride, and no one wants to be left behind.
Video
Twitter Feed