Surviving a security audit

The main point of a security audit is not to try and strangle the auditor, he is just doing his job, although you might think he is there to make your life impossible.

I have put together a collection of posts, the configuration settings are all publicly available, mainly from VMware’s Hardening Guide, so there is nothing really new in the settings. I’ve included simple powerCLI commands that will help you quickly implement and provide evidence for multiple configuration items in seconds, unless that is, you prefer to wear your finger out making screen shots…

We need to understand how the technology relates to audit requirements, so I’ve included diagrams and tips on what you need to explain to the auditor, and include in your documented security policy.

 

Leave a Reply

Your email address will not be published. Required fields are marked *