Wow.... anyone who works in information security would feel a little bit peeved here if they have been on the recieving end of audits from organisations like Deloittes.

Okay - mistakes happen, etc, etc - but it makes you wonder whether auditors are more interested in ticking off items on audit sheets than addressing the core issues around Information Security and Risk Management.

Like I said - it is always possible for someone "who should know better" to make a big mistake and circumvent POlicy/Procedure/etc - and this isn't always indicative of the culture of the organisation they work for BUT it does leave a sour taste in the mouth and the quote "Physician heal thyself" seems to resonate in my head.

Peace out.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/147/654#654