• Home
• News
  • Business Continuity News
  • Regional news
  • Sector news
  • Events Diary
  • Newsfeed
• Jobs
• Topics
  • BC: Facilities & Buildings
  • BC: General
  • BC: Markets & Companies
  • BC: Plan Development
  • BC: Software
  • BC: Statistics
  • BC: Testing & Exercising
  • Crisis Comms & Management
  • Critical Infrastructure Protection
  • Disaster Recovery
  • Emergency Management
  • Enterprise Risk Management
  • Operational Risk Management
  • Pandemic Planning
  • PS Prep
  • Standards
  • Terrorism
• Technology
  • Cloud Computing
  • Data Center / Centre Issues
  • ICT Continuity
  • Information Security
  • Recovery Facilities
• Newsletters
  • Subscribe
  • Manage Your Subscription
• Journal
  • About the BC & Resiliency Journal
  • Latest papers
  • Subscribe
• Resources
  • MyContinuity Central
  • BC software directory
  • Newsfeed
  • Twitter
  • Advanced BC information
  • Advanced ICT information
  • Basic BC information
  • Basic ICT information
  • Training
  • How to advertise
  • About us
  • Contact us
  • Privacy
• Training
  • General BC training
  • e-learning
  • BIA training

Sign up for Continuity Briefing
Never miss a news story: signup for our free weekly email newsletter.

REGIONAL PORTALS
Continuity Central currently offers three regional business continuity portals:
North America
United Kingdom
Asia Pacific / Australasia

Use Google? Click the button to add Continuity Central news to your Google home page.
Get immediate news and information updates via our Twitter feed.

Pre-audit ‘clean-ups’ create risks

Osirium has released findings from a new, independent, security focused research report. The study was commissioned by Osirium to highlight IT practices with hidden and potentially serious consequences that would have a major impact on businesses.

The most significant and worrying finding, according to David Guyatt, CEO at Osirium, was that “over 70 percent of those surveyed admitted that system administrators often make uncontrolled IT changes immediately prior to audits in order to meet compliance, after which they then let these changes lapse. If the auditors knew this was the case, they would surely fail the audit in the first place.”

These findings appear to suggest that organizations are willing to accept the risks associated with making such informal and uncontrolled changes rather than dealing directly with the costs of repeating failed audits which would also impact on resources and performance & analysis reports presented to senior management.

The report also highlights that IT staff typically spend as much as 30 percent of their time preparing for, and delivering, audits while less than 20 percent of the organizations polled fully automate the gathering of data for such audits. Fewer than 10 percent of those questioned said that they automate the remediation of audit gaps.

About the research
The research was completed by QuoCirca in August 2011 and 100 interviews were collected. At the time of answering the questions, those surveyed were not aware that the research was being conducted on behalf of Osirium. Respondents were qualified in as follows:
– Must be involved in IT management with one of the following job functions: IT manager, IT security manager, IT infrastructure manager
– Must answer yes to: “are you involved with, or knowledgeable in how your organisation views and manages issues relating to privileged users (that is how the granting of the extra privileges that IT administrators require to do their jobs is controlled), the automation of IT admin tasks and how these issues relate to your organisation’s ability to meet the regulatory requirements that govern it?”

www.osirium.com

•Date: 29th September 2011 • Region: World •Type: Article • Topic: ICT continuity