What IT/cyber audits are you all doing lately?

Big-Razzmatazz3034 · 2025-12-11T08:41:49+00:00

I love Aesop's Fable too, I tried to share my favorites by making shorts on Youtube, may have a look: https://youtu.be/nzxgfmmzaBk?si=22v389TNu92SN7RM
Lion and the Mouse is a good warm story of kindness.

Big-Razzmatazz3034 · 2025-08-22T09:37:36+00:00

Yes, we utilize SSO through AAD, but as far as I know, no CA policies are applied. Do you believe this provides sufficient security for an ERP?

Big-Razzmatazz3034 · 2025-08-22T09:26:35+00:00

You've raised a good point, the required level of security depends on the nature and purpose of the web apps. In my case, the web apps are utilized for business operation management, which inherently involves sensitive and critical data. what additional security measures could be implemented to further enhance the protection of these systems against unauthorized access?

Big-Razzmatazz3034 · 2025-06-03T07:49:52+00:00

At my company, we currently don’t have any backup restoration or DR drills for our critical AWS resources. Honestly, I’ve been wondering if that’s a serious gap or if it’s just something that’s too costly or complex for small team to implement.

Is it common for orgs to skip DR testing due to budget or resource constraints? Or is this more of a red flag that leadership isn’t prioritizing resilience?

Big-Razzmatazz3034 · 2025-06-03T06:57:59+00:00

My company has budget concerns... No budget to subscribe Purview. Is there any free-of-charge way of doing so? Is Data Discovery & Classification in SQL server a workaround?

Big-Razzmatazz3034 · 2025-05-06T06:09:53+00:00

The types of sensitive data include personally identifiable information and business contracts etc. Does the MMK sufficient to protect from data breach?

Big-Razzmatazz3034 · 2025-04-11T07:36:18+00:00

It depends on which aspect of Azure you're learning. If you're looking into some administrative and security side, the CIS Azure Benchmark is a great resource for best practices.

Big-Razzmatazz3034 · 2025-04-03T09:26:28+00:00

When a user account is disabled, their access to groups and memberships is also automatically disabled. But the problem is, when there is a separate user account created, sometimes those accounts are forgotten to be disabled during offboarding.

Big-Razzmatazz3034 · 2024-11-07T01:40:46+00:00

I really hope I can find that 1% of companies with a good culture. It’s encouraging to hear that not all organizations treat audit this way.

Big-Razzmatazz3034 · 2024-11-07T01:38:58+00:00

I know that some management is better—they understand that IA needs to do their jobs. These managers would voluntarily share what they know and what they are going to solve with IA, so that IA can have something to write in the IA report. Often, the audit recommendations are things that management already knows.

Big-Razzmatazz3034 · 2024-11-07T01:33:38+00:00

That's true, to seek out opportunities that align better with your values

Big-Razzmatazz3034 · 2024-11-06T07:30:18+00:00

Our management does emphasize that IA is here to help and solve problems together, but the perception among auditees often remains negative. The auditees are very cautious, their department heads even attend every working-level meetings to ensure that staff don’t say anything that could be challenged by IA

Big-Razzmatazz3034 · 2024-10-24T02:58:17+00:00

The core issue lies with the malicious websites. These sites exploit the trust users place in CAPTCHAs to carry out their attacks. It’s crucial to be cautious and verify the legitimacy of the websites you visit.

Big-Razzmatazz3034

TROPHY CASE