Re: IT security audit providers

Giganews Newsgroups
Subject: Re: IT security audit providers
Posted by:  Steve Riley [MSFT] (steve.ril…@microsoft.com)
Date: Thu, 12 Jul 2007

Remember, the purpose of an audit is to measure how well (or not) you're
actually complying with your own policies. In other words, an audit answers
the question, "Are you doing the things that you say you should be doing?"
Without a security policy, there's very little that an audit can do for
you -- other than compare your (non-)performance against someone else's
checklist.

Steve Riley
steve.ril…@microsoft.com
http://blogs.technet.com/steriley

"Sean Curry" <scurr…@comcast.net> wrote in message
news:OrF4NQowHHA.34…@TK2MSFTNGP05.phx.gbl...
> Greetings,
>
> My company is preparing to do a first ever IT security audit and we are
> currently looking for potential providers to give us an unbiased "look in
> the mirror"  does anyone here have any suggestions or recommendations for
> a good audit firm?
>
> Thanks,
>
> --Sean Curry

Replies

None

In response to

IT security audit providers posted by Sean Curry on Mon, 9 Jul 2007