Subject: | |
From: | |
Reply To: | Johnson, Tracy |
Date: | Fri, 14 Sep 2001 10:11:53 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
I had an audit interview with Deloitte and Touche regarding
our security on our HP3000 in 1993. We were using Security/3000
and they were happy with our implementation. They wanted some
additional procedures in place so we stated that we' also
buy VEAudit/3000 before the next years audit. (So that
sandbagged them for another year.) I left before the next
audit but then I also left 3 months before they went belly up.
I learned after the audit that D&T wanted to recruit me, and
I turned them down.
Tracy Johnson
MSI Schaevitz Sensors
>-----Original Message-----
>From: Raymond Familar [mailto:[log in to unmask]]
>Sent: Thursday, September 13, 2001 5:26 PM
>To: [log in to unmask]
>Subject: Re: Help!! Auditors
>
>
>I have had similar problems with our internal auditors. They
>don't seem to
>understand that there are platforms other than NT and UNIX. Before I
>showed up to set up the systems, HP Security Monitor had been
>purchased.
>Audit had a number of issues with the product. One issue was that the
>security group had set up SecMon to log the use of NEWUSER and ALTUSER.
>That seems reasonable, but that also means that the password
>is recorded in
>the log in plain text. Yes, the user should change their password once
>they use that initial login, but there is no way to ensure
>that happens.
>HP wasn't much help with the SecMon. When we called to open
>an SR on that
>issue, the techs had no real knowledge of the product. I was told that
>they are using security/3000. Now we are moving to security/3000 after
>going PROD. Yes, lots of fun. My recommendation is to go with
>security/3000 and save yourself some headaches.
>
>* To join/leave the list, search archives, change list settings, *
>* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|