Winning the Compliance Game

Why do companies fail audits? Inadequate access control for apps, app servers

September 7, 2006

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Looking for tips on how to ace your next regulatory audit?

The Compliance Security Council, made up of the Institute of Internal Auditors, the Computer Security Institute, and Symantec, has been tracking what's working and what's not, says James Hurley, executive director of research for the Security Compliance Council and a director of research at Symantec.

The council, which will be renamed the IT Policy Compliance Group this fall, has gathered compliance benchmarks and anecdotal data from interviews over the past few months in a survey of over 1,000 organizations that have been through audits. Among its recent findings:

  • In the past year, about 85 percent of the organizations have been through one regulatory audit; 60 percent have been through two or more; and 80 percent, three or more.

  • 10 percent are having less than three IT compliance deficiencies (including security) a year; 20 percent, more than 15; and 70 percent, three- to 15 per year.

  • The biggest reasons for failing an audit: inadequate access control for applications and application servers, and inadequate documentation.

  • Organizations with the worst audit results only did internal audits once a year, and those with the best did them an average of every 21 days.

  • Whether their audit was successful or not, organizations didn't add any IT labor to their staffing.

Auditing woes mostly stem from improperly securing user machines and servers, according to the council's findings. "The problems being flagged in audits are in user and access controls on PCs and laptops, audit reporting and problems in configuration change management," Hurley says. "These are big areas where organizations are failing across the board, and most of these have to do with IT security."Get the full story at Dark Reading.

Kelly Jackson Higgins, Senior Editor, Dark Reading

Read more about:

2006
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events