Policy: September 2007 Archives

Auditors and Company Policy

Its always nice when your own auditors follow company policy. We have an external auditor in for the next 6 week in order to obtain FISMA certification. At the kickoff meeting, we told the auditors that they were not allowed to put their computers on our internal network, but they were more than welcome to use our guest wireless. This information was also on the account request form that they signed.

I had a feeling that they weren't going to follow our policy. We don't currently have a technical mechanism in place to enforce such a policy. I opened our DHCP management console and sure enough 5 computers had a DHCP lease with a computername and domain giving away that their owner was this auditing firm.

So I was able to bust them on that, and prove to them that we do review the logs and record anomalies in servicedesk.

By Roger on September 15, 2007 1:07 PM | | Comments (2) | TrackBacks (0)
« Policy: August 2004 | Main Index | Archives | Policy: June 2008 »

About this Archive

This page is a archive of entries in the Policy category from September 2007.

Policy: August 2004 is the previous archive.

Policy: June 2008 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Policy: September 2007: Monthly Archives

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.2-en

Search