![]() ![]() Process and documentation are important because they help ensure repeatability of results and keep everyone on the same page while doing a job. Auditors evaluate how something is done rather than what is accomplished. The conflict is an old one and has implications for IT security. The case is a good example of the conflict between the requirements of auditors who evaluate regulatory compliance and the demands on frontline administrators who must deal with real-world threats while keeping systems running. The Government Accountability Office said that the security of the commission’s Enhanced Secured Network was compromised because the FCC did not implement appropriate security controls and follow proper procedures in project development and deployment.īut FCC countered that the ESN was an emergency response, “designed to avoid an increase in security risks posed by delays in implementation,” and that even with cutting corners, “the FCC’s network is stronger, better, and more secure than it was before the commission started these upgrade efforts.” The Federal Communications Commission was dinged in a recent audit for cutting corners while upgrading network security in response to a breach.
0 Comments
Leave a Reply. |