How to Avoid a Compliance Nightmare...
An IT Security Leader’s Story
It’s getting to be that time. Audit season is just a few months away and you have over 3,000 assets about to be heavily scrutinized by the poker-faced external audit team, who might as well just show up wearing FBI jackets for the amount of tension they induce.
You’re in charge of an IT estate that’s failed to secure approval for the last two years and things are to the point now where if this shave gets any closer, it will be the sword of Damocles that provides it.
But it gets worse. The solution you currently have in house, the one that desperately needs addressing to correct the previously identified shortcomings, is performing terribly, and being poorly supported by the vendor. Now isn’t that convenient!
You need File Integrity Monitoring (FIM) that works, systems configured to an acceptable benchmark, and critically, you need them all to stay that way with auditable proof that you’re in control of all production changes made to your ‘in scope systems’.
It’s the stuff of nightmares… and likely a rabbit hole you’ve been down before.
Fortunately for you, dear reader, this particular nightmare, while all based on real events, is at least for the time being restricted to the words contained herein. However, if this scenario feels in any way familiar, then please read on…