Auditing & Logging
Community Posts
Is a comprehensive IT audit permanently on your checklist when stepping into a new CIO position? If not, what on your checklist is etched in stone?
26 views, 1 Comment
Executive Director, Strategic Sourcing & Site Services in Healthcare and Biotech (6 days ago)
Our Internal Audit function is co-located within both our Finance & IT departments. As we are setting up specifications & process mapping for major CI projects, IA is invited to the table early to drive compliance and standardization. ...
2 Replies
823 views, 4 Comments
Do you have any recommendations for an audit firm to evaluate general controls for retail POS? Why are they your choices?
Chief Supply Chain Officer (3 months ago)
I would recommend mid tier accounting firms like Crowe and Grant Thornton. They have deep expertise in various verticals.
1.2k views, 1 Comment
If you had to upgrade to Windows 11 manually, how long do you estimate it would take your team to complete the following capability check for: TPM (trusted platform module)
0 - 15 mins: 20%
15 - 30 mins: 71%
30 - 45 mins: 24%
+45 mins: 6%
2.5k views
The internal audit department of the Port of Antwerp-Bruges uses Caseware Idea as an audit analytics solution. We are searching for peer insights about usability, pros and cons, evaluation against other audit analytics tooling. Can anyone share some insights about this specific tool or about audit analytics tooling in general?
Director of Information Security (6 months ago)
CaseWare IDEA is a widely used audit analytics tool designed for internal auditors to perform data analysis and testing in various industries, including ports, logistics, and large organizations like the Port of Antwerp-Bruges. ...
1.6k views, 1 Comment
The Cyber Resilience Act is here. How is your company currently affected by the launch of the Cyber Resilience Act?
We’ve already made significant changes to comply: 36%
We’re in the process of assessing the impact: 45%
We’re not affected: 18%
242 views
What call detail record (CDR) reporting solution is your organization using?
Imagicle Call Analytics: 10%
ISI Infortel Select: 40%
Variphy Call Analytics and Reporting: 24%
Self-developed Solution: 14%
Other: 6%
We do not need/use CDR reporting: 6%
808 views
Group Director of Information Security in Banking (7 months ago)
In the cloud and digitalized world where more and more cloud shared responsibility models are taking away the management and maintenance aspects of hardware and software assets up to the layer of operating system (as in WebApps, ...
Are you facing the same cost increase / risk on the timeline for the PCI DSS 2024 Audits?
CISO in Healthcare and Biotech (7 months ago)
The update to PCI DSS has introduced new validation and documentation requirements, increasing the cost and timeline of audits. These changes require more detailed evidence of compliance, affecting internal processes and ...
2k views, 1 Comment
What is a ballpark annual price per endpoint for managed security services?
Senior Director Of Technology in Software (2 years ago)
Price will be in a range. For smaller orgs, around 50$ per endpoint and for enterprises, can go up to 1500$ per annum due to data depth
3.7k views, 1 Comment
I'm seeking advice regarding a strategy for handling inactive accounts within directories. An auditor has requested a report on enabled accounts that haven't been logged in for over 90 days. While there are various approaches to solve this, I'm uncertain about the appropriate platform. Should this fall under the realm of a log/reporting, making it suitable for a SIEM solution (consolidating logs to generate a report)? Or does it delve deeper into an IAM concern (analyzing user accounts for inactivity and taking action)? Has anyone encountered a similar reporting or compliance scenario? I'm in search of guidance to make an informed decision on whether to approach this from a reporting angle or a more comprehensive IAM perspective. Your insights could serve as a deciding factor/tiebreaker to help me choose the most strategic path to address this scenario.
Chief Technology Officer in Media (2 years ago)
Handling inactive accounts for compliance can be tackled through a combination of SIEM for log/reporting and IAM for user account analysis and action, providing a comprehensive solution that meets both reporting and security ...
4k views, 1 Upvote, 1 Comment
We are carrying out a migration implementation from SAP R3 to HANA. The process that is carried out by SAP requires extensive permits (sap*) for several SAP consultants and for an extended period of time (10 days). Our compliance and audit department are objecting to these broad permissions. Have you had this experience? What alternative controls have you implemented in these cases? We are analyzing several alternatives but some real experience would be useful if someone has solved it.
Executive Vice President, Chief Digital Officer & Head of Cybersecurity in IT Services (2 years ago)
Implement PAM before starting the project, so that all access and activities being done are recorded. In this way, you would know what has been done by these consultants on your environment. Additionally, you can deploy a ...
914 views, 1 Upvote, 1 Comment
Sr Community Manager in Travel and Hospitality (3 years ago)
Todd Dekkinga Ryan Cushing Ryan Cook Rick Eastman Clay ...
What log management tool do you use and would you recommend it?
CIO in Education (3 years ago)
Splunk and yes
793 views, 1 Comment
CISO in Software (3 years ago)
1 year is standard in most cases
Incident reports, whether ...