This article offers eight tips from auditors, consultants, and others who have been through IT security audits on what to look for in a compliance audit and how to address problems before the audit.
http://www.darkreading.com/document.asp?doc_id=128368
[Editor's Note (Valle): Since nobody passes security audits on the first try, it is good to learn from the wisdom of people who have been through it before.]
July 30, 2007 at 3:58 pm
i love #5 in this list – create a process to identify security anomalies and where they come from. common sense? perhaps, but i see tons of organizations that don’t have any tools to assist with this “no-brainer” process. …probably why the SIM/SEM market is still pretty slow.