Unless you are part of a very large company, or have to pass something like a SOX audit, normal (accounting) auditors don't know squat about system security - even the I.T. auditors.
I get the most idiotic questions about the system during our annual audit, but nothing worth blowing smoke at. These guys are Windows savvy, but not IBM i savvy. Do they care (or even know) that I have *AllObj security on production and development? "We're running at security level 40," I say; blank stares.
That said, I have been audited in the past by highly competent and thorough auditors. But those were D/P specific audits ("Financials? I don't need to see no steenking financials."). And I've learned a lot from those guys and gals; most notably not to volunteer something unless you want it to show up in the audit letter.
Jerry C. Adams
IBM System i Programmer/Analyst
--
B&W Wholesale
office: 615-995-7024
email: jerry@xxxxxxxxxxxxxxx
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bentley Pearson
Sent: Wednesday, May 20, 2009 3:16 PM
To: Midrange Systems Technical Discussion
Subject: RE: Is someone trying to hack my system?
Hey Rob, I know a couple of security consultants who would like to know
about that company! LOL.
SHOCKING.
Auditors would lock my doors over something like that. WOW.
Maybe I'm just paranoid.
Bentley Pearson
Vice President - Information Services
Southland National Insurance Corporation
1812 University Blvd
Tuscaloosa, Al
35403
205 345 7410
bpearson@xxxxxxxxxxxxxxxxxxxxx
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Wednesday, May 20, 2009 3:08 PM
To: Midrange Systems Technical Discussion
Subject: RE: Is someone trying to hack my system?
And I've heard of a local company with telnet open to the net and
QSECOFR/QSECOFR. Stunning.
Rob Berendt
Date Prev
Date Next
Thread Prev
Thread Next
Indexes
Thread Index
Author Index
Date Index
Search
Home
List Info