Tuesday, August 09, 2005

CIOs Learn Very Little From Security Audits

ExtremeNano: "Security audits�often conducted by the same firms that handle financial audits�are supposed to be an outsider's expert view of how safe and secure a company's systems are. But in reality, many security audits today are executed under such tight restrictions that they reveal little that the CIO didn't already know.
In the recent massive Visa data theft case, Visa and CardSystems officials tried hanging some of the blame on the company�Cable & Wireless Security�that conducted an audit for CardSystems long before the data loss, saying that they should have identified then some sloppy practices."

No comments: