by As a sys admin I hear a lot of funny stuff from users and other people that would probably be funny to other system administrators and others who are deep in IT business. So I decided to share the experience with you people here on LOPSA.
So Part 1 is: IT Audit
It’s funny how IT auditors here in my country (and probably everywhere in the world) are always asking the same questions, and by that I mean the questions that someone probably gave them as a guide to form their own questions, based on the environment they are auditing. That would make sense,
because environment is constantly changing and you can’t always ask the same questions… come on, not 4 years in a row! Yes this is the 4th year in the row that I’m listening to same questions. Now why is that strange? They always tell me that they have the answers from the last year audit, so I presume they are having a good insight in my environment. I’m expecting questions like “Based on a last year audit results, what are the changes you have made in this and that or there were no changes?”. But what I get is a list of a same questions they asked last year. I mean come on, you know what time loss is that for me and for every sys admin out there? Instead of spending 3-4 hours telling what changes we made, we need to reserve the whole week for IT audit. Here’s an example:
Auditor: How do you secure access to your system.
Me: Every user has an account in the domain environment of my company, and by having an account in domain environment, user is allowed to use core business applications.
3 or 4 questions after my answer auditor asks: How do you secure access to you core business applications?
Me:?????????? Could you PLEASE!!! stop blindly follow you question list and actually listen to my answers!
…till the next time, thanks for reading…