Unitrends Why are you still using flash?
- 
 @thecreativeone91 said: Chrome doesn't have protected mode, and can browse the internet freely. IE in protected mode can only go to Windows KB/Update downloads and Intranet. Chrome nor Firefox never passes on GUI-based Windows servers.
 
 Never passes what? I'd flag IE in an audit before Chrome. If you are using the browser itself for blocking rather than more stringent controls, that alone should be a fail. Firewalls and proxies are far more secure than letting software self-regulate.
- 
 Auditing is not something official. It's just hiring people, generally the least competent people, to go look at something for you. I've had auditors flag things like 'patching' as a process that had to be justified! 
- 
 @scottalanmiller said: Auditing is not something official.
 
 Depends on the compliance. There are many of them that I've had to follow that audit. If you don't comply your systems have to be taken offline til fixed.
- 
 @thecreativeone91 said: @scottalanmiller said: Auditing is not something official.
 Depends on the compliance. There are many of them that I've had to follow that audit. If you don't comply your systems have to be taken offline til fixed.
 
 Yes, but "auditing" is just a random term. Like saying that "no admin will do X". But there is generally not just an admin who will, but many that will swear by it. Official audits, often, are very insecure. You do them to pass a cert, not to be secure. So while yes, there are "official" audits for things like PCI compliance, you don't use them when you want to just be audited for security. If you are doing a security audit, Chrome might easily pass and IE not. Windows itself might not even pass, but normally would. If you have an audit backed by a vendor trying to make a buck or an auditor that is just using checkboxes, any random thing might or might not be allowed. But it is very important to not connect the actions of one audit with another. Many audits are at odds with each other. I've certainly been through audits that require things that would fail a more common audit process.
- 
 @scottalanmiller said: @thecreativeone91 said: @scottalanmiller said: Auditing is not something official.
 Depends on the compliance. There are many of them that I've had to follow that audit. If you don't comply your systems have to be taken offline til fixed.
 Yes, but "auditing" is just a random term. Like saying that "no admin will do X". But there is generally not just an admin who will, but many that will swear by it. Official audits, often, are very insecure. You do them to pass a cert, not to be secure. So while yes, there are "official" audits for things like PCI compliance, you don't use them when you want to just be audited for security. If you are doing a security audit, Chrome might easily pass and IE not. Windows itself might not even pass, but normally would. If you have an audit backed by a vendor trying to make a buck or an auditor that is just using checkboxes, any random thing might or might not be allowed. But it is very important to not connect the actions of one audit with another. Many audits are at odds with each other. I've certainly been through audits that require things that would fail a more common audit process.
 
 This +10000!
- 
 We had to replace power strips a few years ago because the auditors as of that year only accepted strips with some new code stamped on them, but were otherwise identical to the ones we already had.
- 
 @Dashrender said: We had to replace power strips a few years ago because the auditors as of that year only accepted strips with some new code stamped on them, but were otherwise identical to the ones we already had.
 
 I remember you saying about that!
- 
 @scottalanmiller said: @Dashrender said: We had to replace power strips a few years ago because the auditors as of that year only accepted strips with some new code stamped on them, but were otherwise identical to the ones we already had.
 I remember you saying about that!
 
 The crazy thing auditors want just to keep somebody employed... don't get me wrong.. we need audits to keep people honest, but at the same time it should be OK to find nothing wrong with those you're auditing too.
- 
 @Dashrender said: @scottalanmiller said: @Dashrender said: We had to replace power strips a few years ago because the auditors as of that year only accepted strips with some new code stamped on them, but were otherwise identical to the ones we already had.
 I remember you saying about that!
 The crazy thing auditors want just to keep somebody employed... don't get me wrong.. we need audits to keep people honest, but at the same time it should be OK to find nothing wrong with those you're auditing too.
 
 It's the auditors that we have the hardest time keeping honest, though!
- 
 We have auditors. They aren't a scam. Sometimes a bit misguided as some of the auditors have very little tech experience but not a scam. 
 
 However, I will make a point of saying that it's a government requirement and we all work for the same clowns.
- 
 @nadnerB said: We have auditors. They aren't a scam. Sometimes a bit misguided as some of the auditors have very little tech experience but not a scam. 
 
 However, I will make a point of saying that it's a government requirement and we all work for the same clowns.
 
 Government ones are the worst. CJIS is very strict.
- 
 @thecreativeone91 said: @nadnerB said: We have auditors. They aren't a scam. Sometimes a bit misguided as some of the auditors have very little tech experience but not a scam. 
 
 However, I will make a point of saying that it's a government requirement and we all work for the same clowns.
 Government ones are the worst. CJIS is very strict.
 
 CJIS? What is that?
 
 I'll go ahead and make up some silly alternatives because that's the way my head works.
 Courtroom Justice In Space
 Counter Jargon Idiot Spectrum
 Charles Jest Intolerable Stabber
 Can Julie Investigate Satchels
 Cruise Joke In Ship
- 
 @nadnerB said: @thecreativeone91 said: @nadnerB said: We have auditors. They aren't a scam. Sometimes a bit misguided as some of the auditors have very little tech experience but not a scam. 
 
 However, I will make a point of saying that it's a government requirement and we all work for the same clowns.
 Government ones are the worst. CJIS is very strict.
 CJIS? What is that?
 
 I'll go ahead and make up some silly alternatives because that's the way my head works.
 Courtroom Justice In Space
 Counter Jargon Idiot Spectrum
 Charles Jest Intolerable Stabber
 Can Julie Investigate Satchels
 Cruise Joke In Ship
 
 CJIS is Criminal Justice Information Systems. It's from the FBI.
- 
 @thecreativeone91 said: @nadnerB said: @thecreativeone91 said: @nadnerB said: We have auditors. They aren't a scam. Sometimes a bit misguided as some of the auditors have very little tech experience but not a scam. 
 
 However, I will make a point of saying that it's a government requirement and we all work for the same clowns.
 Government ones are the worst. CJIS is very strict.
 CJIS? What is that?
 
 I'll go ahead and make up some silly alternatives because that's the way my head works.
 Courtroom Justice In Space
 Counter Jargon Idiot Spectrum
 Charles Jest Intolerable Stabber
 Can Julie Investigate Satchels
 Cruise Joke In Ship
 CJIS is Criminal Justice Information Systems. It's from the FBI.
 
 Oh, I see. That just screams boatloads of red tape, bureaucracy and migraines


