|Subject:||Re: IT security audit providers|
|Posted by:||Steve Riley [MSFT] (steve.ril…@microsoft.com)|
|Date:||Thu, 12 Jul 2007|
Remember, the purpose of an audit is to measure how well (or not) you're
actually complying with your own policies. In other words, an audit answers
the question, "Are you doing the things that you say you should be doing?"
Without a security policy, there's very little that an audit can do for
you -- other than compare your (non-)performance against someone else's
"Sean Curry" <scurr…@comcast.net> wrote in message
> My company is preparing to do a first ever IT security audit and we are
> currently looking for potential providers to give us an unbiased "look in
> the mirror" does anyone here have any suggestions or recommendations for
> a good audit firm?
> --Sean Curry
IT security audit providers posted by Sean Curry on Mon, 9 Jul 2007