The Daily Security Audit
I got into the office early on Monday. My office is a fairly typical ten by ten interior office. Perhaps it has a bit more baseball memorabilia than most workspaces. I have several miniature baseball bats from the Louisville Slugger museum sitting on top of my bookshelf. I also have a six foot tall cardboard cutout of Ken Griffey Jr that stands guard behind my office door.
The office is just down the hall from the main doors that lead into our area, and just past the conference room and the breakroom. The former is normally empty; the latter often is too.
Monday, as I headed for the elevator, I briefly noticed someone was sitting in the conference room with his back to the door. As I made my way toward the elevators my brain matched a face with a name. It was my boss sitting there. That might not have been so strange except my boss lives three thousand miles away in North Carolina.
What are you doing here?
The client is doing an accounting audit. The local guys are new to it, so I came out to help them.
One of my responsibilities is to assist with client security audits. (Not accounting audits, fortunately.) We do security audits four times per year. A security audit takes most of the day. We go through physical security, PC security, clean desk policies, backup systems, camera systems.
Failing a security audit is a pretty big deal. It puts our entire operation in jeopardy. I’m not exactly sure what would happen if we failed one. So far we haven’t. We’ve come close, but so far we’ve passed. Occasionally, the auditor will find something that is an issue. Maybe a BIOS password hasn’t been changed within the required window? Maybe there was a stray piece of paper on the floor. (Yes, we’re pretty strict about our clean desk policy.)
In every case, we’ve been able to immediately resolve the issue.
But, it’s not just our ability to quickly resolve audit issues. It’s the fact that we treat every day like we are going to be audited. We don’t get unannounced security audits, but if we did, we wouldn’t be worried. The state of our operations that the auditor sees on his yearly visit is the same state as the day before and the day after.
I have two kids living at home. One of them keeps his room immaculate. The other only cleans his room when he’s asked to, and then it takes him hours. He isn’t prepared for a clean-room audit every day.
And that brings me back to my walk down the hallway this week.
Was I worried that my boss flew 3000 miles, showed up in our conference room and didn’t tell me?
Maybe a little. But, honestly, I didn’t need to be. In fact, I spent my day on an outage call and he did his own stuff.
Be prepared for that audit daily. You never know who might appear in your conference room.
Rodney M Bliss is an author, columnist and IT Consultant. His blog updates every weekday. He lives in Pleasant Grove, UT with his lovely wife, thirteen children and grandchildren.
(c) 2019 Rodney M Bliss, all rights reserved