Cynthia, don't go for one company to do the whole IT Audit. E.g an example E and Y are good in Management Security, but they aren't good on Security Assessments. SRS could be good in Financial Security Assessment, but they cant do a good job on vulnerability assessment or even in a Penetration Assessments, and story continues. So the question, is what you really need done? Whether your doing it for orientation or for concern issues. Personally i do security assessments, so i cant touch on Management security, financial security, etc. ./Chuks On 10/18/09, Areba Collins <arebacollins@gmail.com> wrote:
Yes. The idea behind an IT Audit is basically to ascertain that the IT infrastructure performs the way it was designed to. To do this, you need someone who is conversant with all elements of the system and that cant be a finance auditor. At best, you need a team of IT consultants with a project manager, security guy, network guy, etc.
On 10/18/09, Cynthia Wahome <cwahome@jambo.co.ke> wrote:
Jonia Chucks Thanx for the info.Then who in your view should do an IT audit. eg if chucks wants to audit his system.who does chucks go to? a fellow skunker :-)
This is an issue which has been there for a long time, that used by such big firms like KPMG etc. There is no way Finance Department can do an IT Audit unless they are doing a Financial Audit. This is a prank these firms are using, but looks like people are starting to learn, and soon they will be off business if they don't change.
Please read this post here, http://lists.my.co.ke/pipermail/security/2009-August/000566.html
Pretty interesting may i say.
On 10/18/09, Cynthia Wahome <cwahome@jambo.co.ke> wrote:
Dear All Let me get your thoughts on this.
Is it right for a Finance guy to come and do an audit to an IT department yet the Finance guy has no clue about IT. I wont name the audit firm here but i wonder,when they go to the net and download a form then they come and ask you silly questions makes me question them
People my question is this Who should do an IT audit? Finance People? or IT People I stand to be corrected
---------------------------------------------- This message has been scanned for viruses and dangerous content by Jambo MailScanner, and is believed to be clean. --------------------------------------------- "easy access to the world"
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
---------------------------------------------- This message has been scanned for viruses and dangerous content by Jambo MailScanner, and is believed to be clean. --------------------------------------------- "easy access to the world"
---------------------------------------------- This message has been scanned for viruses and dangerous content by Jambo MailScanner, and is believed to be clean. --------------------------------------------- "easy access to the world"
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/