Do security audits performed by internal auditors or external auditors assessing compliance for standards/regulators justify the time they take to collect the evidence to provide to the auditors?
Is it just "Security Theater" at the end of the day?
Am I the only one who feels this way? Audit/compliance evidence collection drudge work is awful.
How can I get auditors not to bother me or my people?
Examples of audits I'm talking about:
- PCI DSS
- SOC 2
- NIST
- SOX
- or any global regulations
NOTE: Moving post to #DataScience & Analytics to see if anyone has used data science to collect regulatory related data. Doesn't have to be security related data, would like to just know a few use-cases.
#cybersecurity #security #audits #compliance #devops #devsecops #datascience #softwareengineer #operations
comments
If you ever go to the cloud, AWS have brought out a pretty interesting service called AWS Audit Manager which automates and collects all evidence for you based on your security controls deployed. Pretty neat new feature which saves so much time.
Sounds like if they keep bothering you again and again then policies are not being followed to ensure compliance. Only way around this is to get to the root cause. Hope this helps.