Auditors and Security Policies

For years auditors have simply asked for something and they've received it. In today's corporate environment, Security plays a large role in determining whether the auditors' requests are compliant with security policies, standards, and guidelines. Each security manager has the responsibility to assist with audits as a means of protecting the organization as well as its employees, customers, and shareholders while not weakening system defenses. This requires patience as the auditors learn how to work within the new constraints we've imposed on them, and it's our job as security professionals to assist as much as possible in training our auditors on secure means to get the information they need.

Read Tom Olzak's weblog post.