Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
To avoid delays, consider using a third party to provide interim internal audit resources as needed. Through an outsourcing relationship, management and the audit committee are able to focus on hiring the right people while simultaneously delivering results. As staff are recruited and hired, the outsourcing relationship can be scaled to a cosourcing relationship or eliminated. In considering your longer-term staffing needs, remember that internal auditing is a dynamic, changing field that is no longer defined by who does the work. In the past decade, leading companies have come to rely on cosourcing relationships to provide flexibility and skill sets that can be impractical to retain in-house | GUIDE r1 HOW TO PASS 4 AN IT AUDIT VF As told by an enterprise end-user who deployed QualysGuard Policy Compliance Table of Contents I. Objective II. Migration Process III. Fostering Buy-In from IT Owners IV. Results After We Deployed QualysGuard PC V. Lessons Learned from my Experience with Compliance Tools VI. Conclusion Q Qualys Guide How to Pass an IT Audit page 2 As a lead security analyst at a large Fortune 500 financial institution we re subject to many audits of our IT security. After trying several tools for Governance Risk and Compliance we recently switched to QualysGuard Policy Compliance as a practical way to automate management of IT controls verify compliance with policy and document everything for auditors. We were already a satisfied user of QualysGuard Vulnerability Management so it made sense to leverage those automated asset and vulnerability scanning capabilities that are integrated with the QualysGuard platform. We put QualysGuard PC straight to use on a pending audit of our UNIX environment which hadn t done so well in the previous examination. Deployment was painless and our security team loved the easy to use capabilities that freed their time to focus on policy creation and testing. Most important we passed the audit. The purpose of this document is to pass along tips we learned that may be useful as you consider adopting QualysGuard PC. Objective My goal was to get our systems into a steady state as quickly as possible to meet requirements of our compliance policies. Steady state is when systems are humming right along without major glitches. Systems management is eased by automatic discovery and remediation of anomalies during normal timeframes. And the computing environment will trend at about the 90 range of compliance. This may seem like nirvana to some of you who are using legacy GRCM tools but we have achieved this goal with QualysGuard PC. Migration Process I began the transition process to QualysGuard PC with the IT owners who .