Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
julie@merida.hair ("Juliet Merida (she/they) 🚝🏳️⚧️🏹🎯") wrote:
I had a meeting this morning with my Risk team and some external auditors and after I asked some questions I got a Slack message from my CISO saying "You sound like you've done this before."
It's my first time doing audit stuff at this job but I got a crash course in audit shenanigans back in 2011 when I started in security.
My first security job was when I joined the security team at the hospital system I worked for back in 2011. I was the first technical member of the team which was, until then, two people with audit backgrounds. But one of them worked at Radio Shack in the 1980s so she was definitely a computer expert, I guess?
Anyhow, I learned a lot about the basics of responding to auditors as a technical person.
The first rule is: *Ask clarifying questions.*
The second rule is: *Threaten to overwhelm them with data if the answers are still unclear.*
You mean you *don't* actually want 5TB of auth logs? Screenshots of assorted times across the audit period will work instead? *Imagine that!* 🤣