Hi David~

Any place I’ve ever worked as CTO/CIO we have been required to do an IT security audit. In my experience, it’s mostly CYA, but it can be a really good exercise in discovery for the IT person in charge. For example, they usually require passwords be changed every X days, which has ZERO security value, as well as pissing off users ;) (personal soapbox - sorry!)

Anyhow, usually the auditor hands a form to the IT person to fill out, so I’d contact the auditor to get their requirements.

Good luck!
Lili

> On Nov 7, 2016, at 10:29 PM, David Korpiewski <davidk at cs.umass.edu> wrote:
>
> A company that I work for in the Valley has a yearly audit done and the auditor has recently told the CEO that it's now required to have a computer security audit. First I've heard of this, has anyone else heard of a required security audit when you get your books checked?? As the CEO wrote me: "This isn’t something they’ve made up; it’s a legal requirement that they give an opinion on the status of ours – specifically, if there are gaps, they are required to bring these to the attention of our board."
>
> Secondly, can anyone recommend a security auditor? I'm not talking someone who thinks they know what they are doing, but actually someone who has done security auditing and is certified to do so.
>
> Thank you very much
>
> David
>
> --
> ============================================
> David Korpiewski
> Software Specialist II
> Department of Computer Information
> and Computer Science
> 413-545-4319
> ============================================