Reply to post: auditing == waste of time

Premera healthcare: US govt security audit gave hacked biz thumbs up

Bob Dole (tm)

auditing == waste of time

Having been through several "audits" I can categorically state that they are a complete and total waste of time.

The things they have you do to "secure" systems usually boils down to disabling certain things like SSL 3.0 and making sure you have a virus scanner on every single piece of equipment. In no way do they perform actual pen testing or even perform intelligent analysis of what is going on with the actual data.

In other words, these audits are basically over priced people checking things off a list and usually do close to nothing to combat actual security threats that are seen.

The ONLY way this is going to get better is if people that actually know what the hell they are doing are the ones in charge of auditing. The problem is that costs more. If you really want to fix this then it needs to be a huge financial cost. So much so that insurance companies will demand it of their clients before underwriting the policies.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon