@scottalanmiller said in What to ask for in a Cybersecurity Auditor ...:

@travisdh1 said in What to ask for in a Cybersecurity Auditor ...:

Let us know if you find a competent auditor. I've worked in IT for quite a few years and have yet to meet/find a decent auditor.

Do you want competence? Or do you want an auditor? You need to choose.

Exactly, lol!

@scottalanmiller
This may also help:
https://blogs.partner.microsoft.com/mpn/myth-busting-software-asset-management-and-compliance-audits/?ln=en-us
https://www.microsoft.com/en-us/licensing/learn-more/compliance-verification-faq

Things like:

Microsoft SAM programs are voluntary services... A compliance audit is a mandatory review of a company’s use of Microsoft’s products and services...
These compliance verifications are initiated across less than 5% of Microsoft’s licensing customers worldwide

But ignoring things like:

We believe that SAM can be a strategic advantage for all our customers

YOu can also do a free test from Qualys
https://www.qualys.com/free-services/
https://www.qualys.com/community-edition/

I just manually looked for events 7001 and 7002. got the job done.

@Dashrender said in O365 and encrypted mail to other email systems:

I don't look at it as bleakly as you do. You in no way told the receiver they couldn't receive it, you told them they have to use a different method to receive it. Is it a good experience - I'm not going to argue that point, frankly I don't care as long as it works.

But you did... you sent them an email and the email didn't include the payload, it told you to go look in another system for the payload that didn't arrive (the princess is in another castle.) Why did you need the email if email isn't delivering the message? It's obviously similar to failure... two systems are being used for a single thing. All they want is the payload, not a message telling them about a payload elsewhere.

@John-Nicholson said in Vmware Audit:

@thwr 7 days isn't actually that hard to meet with if your a Fortune 500 who properly tracks your licensing. If you don't then you need to ask for extra time (Which even Microsoft and Oracle will give you) and assistance (VMware has licensing optimization scripts that can be run even outside of audits to make sure your in compliance).

Do you just install Office on computers, and Windows and create Windows SQL servers without tracking your usage vs. licensing or do you just use BSD licensed software?

I'm in public EDU. We're running quite a bunch of MS products like SQL Server, SharePoint, Forefront UAG, System Center and others. I have a very exhaustive stack of paper about where we use what since when - and it's driving me nuts. It's very hard to keep track, especially in case of upgrades. Try to keep track of a machine upgraded since XP. Very funny.

That's why I am replacing quite a few things with FOSS alternatives wherever possible.

Not sure if this is helpful to you,

https://technet.microsoft.com/en-us/library/dd378867(v=ws.10).aspx

Import-Module ActiveDirectory function Get-ADUserLastLogon([string]$userName) { $dcs = Get-ADDomainController -Filter {Name -like "*"} $time = 0 foreach($dc in $dcs) { $hostname = $dc.HostName $user = Get-ADUser $userName | Get-ADObject -Properties lastLogon if($user.LastLogon -gt $time) { $time = $user.LastLogon } } $dt = [DateTime]::FromFileTime($time) Write-Host $username "last logged on at:" $dt } Get-ADUserLastLogon -UserName type-username-here

I was about to post a request. Has anyone prepared for ISO 27001:2005 audit? I've been asked to do an internal check to do a Gap assessment