Cyber Security Institute

Thursday, May 07, 2009

Expert Names Top 10 Audit Issues of 2009

As IT environments become more complex, enterprises rely on them more than ever before, said Michael Juergens, principal at Deloitte & Touche, speaking at the ISACA CACS audit and compliance conference. Top challenges include cloud computing, virtualization, and a company’s own employees. “There may be a greater or lesser risk depending on your industry, technology, business processes, and other factors,” he added. He said that auditors should make a careful risk assessment at any enterprise that uses external cloud computing solutions. Juergens added that virtualization, often a key component of private clouds, carries the same risks as public clouds.

During this economic downturn, many companies will face disgruntled employees and will need to be able to control their access.

“Specific attention items should be: timely removal of access, periphery security, internal security architecture, physical security and badge location, help desk procedures, workstation security and IDS management,” Juergens said.

Many help desks and incident response teams will be understaffed, and Juergens advised that now is a good time to re-examine security procedures.

Enterprise search tools are more powerful than before, but auditors must “review data classification schema, access management, index design and maintenance, and user training,” said Juergens.

IT organizations must have contingency plans in place in case a partner fails and must be able to monitor the status of the entire supply chain, including the part that lies outside the company.

For those organizations pursuing green IT initiatives, auditors must monitor their effectiveness and their compliance with local and federal law.

Posted on 05/07