Our company is preparing for a test audit in a week and a real audit by the end of the year. We have hired a consulatant, and to be as polite as I can: I’m not impressed.
I ask questions like “What specifically needs to be shown in the security log?” I get answers like “The report needs to show any problems that might have occured.”
I tried pinning him down and asking about specific event IDs for example, and got a deer in the headlights answer. The bottom line is that this person knows the very broad requirements, but none of the specific requirements of a Windows Server 2003 environment.
The auditor at the end of the year, unfortunately is not the some “consultant” we have helping us right now.
So, I am getting set up for failure at this point is my feeling.
I desperately need a specific list of what is audited in a Windows Server 2003 enviroment. I need to know where the auditors go and what they look at so I can pass this audit. I need to know what reports are needed and the best way to generate them.
So far all I seem to be able to find are generalities.
Any help anyone can offer would be great.
You must be logged in to reply to this topic.
Create a free account today to participate in forum conversations, comment on posts and more.