re: Job with Ernst and Young
Posted on 5/20/23 at 9:27 pm to LemmyLives
quote:
31,000 unpatched vulnerabilities in production? So what?
That's why you tune your vuln scanners to accept risk based on business stakeholder input. That and compensating controls. It's all about the compensating controls.
The problem I run into is the audit checklist morons who say they are "infosec experts" that have no ability to comprehend or process compensating controls.
Posted on 5/20/23 at 9:33 pm to Centinel
quote:
The problem I run into is the audit checklist morons who say they are "infosec experts" that have no ability to comprehend or process compensating controls.
Preaching to the choir. People don't understand nearly all auditors (or ex-auditors that work in 3rd party risk management, etc.) have an accounting degree and learned all they need to know about Windows Server security at a three-day training in Cincinnati. I watched one consider the on-prem mainframe as "out of scope" for a PCI DSS audit, because it was a mainframe. The quickest way to fool them is to bring up subnets and watch them pretend that being in two different class C subnets alone provides some sort of protection.